Bug#720426: pu: package openssl/1.0.1e-2

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Mon, 2013-09-23 at 09:05 +0200, Kurt Roeckx wrote:
> On Mon, Sep 23, 2013 at 05:35:23AM +0200, Cyril Brulebois wrote:
> > Kurt Roeckx <kurt@roeckx.be> (2013-08-21):
> > >   * Add Polish translation (Closes: #658162)
> > >   * Add Turkish translation (Closes: #660971)
> > >   * Enable assembler for the arm targets, and remove armeb.
> > >     Patch by Riku Voipio <riku.voipio@iki.fi> (Closes: #676533)
> > >   * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
> > 
> > I'm sorry but I don't think wishlist bug reports qualify for stable
> > uploads. As usual, we could use more consistency across documentation,
> > but either devref[1] or p-u[2] pages give an overview of what can be
> > considered.
> 
> I actually consider the arm assembler and nistp curves to be
> important, even if the bugs might only be filed at severity
> level wishlist.  The nistp curves are even security related
> since they are then implemented with constant time removing
> a side channel attack.

I have to agree with Cyril here that the bug really shouldn't have such
a low severity if it has genuine security impact.

The changes have obviously had significant testing in unstable and
testing by now; have any further related changes been required? Have the
changes had any testing in a stable environment?

Regards,

Adam