Guido Günther writes:
> They are basically identical but the git version got a length check
> added in 3.8.4 which is missing in Wheezy and which is responsible for
> the crashes detailed here:
>
>
> https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
>
> I di
Brian May writes:
> I will have a look and see if I can hack^h^h^h^hpatch the Debian package
> to include the above security fix; although I don't have any exploits
> test it with.
Ok, I have attached my proposed debdiff patch. It builds using sbuild. I
haven't claimed this package, and unlikely
This month I had 14.75 hours and I spent my 14.751 hours on the
following projects:
* New release of python-django for wheezy. This release did not fix
any security issues, but did fix a number of bugs.
* Research security issue in twisted, CVE-2016-1000111. I concluded
that it wasn't a secur
On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote:
> Brian May writes:
>
> > I will have a look and see if I can hack^h^h^h^hpatch the Debian package
> > to include the above security fix; although I don't have any exploits
> > test it with.
>
> Ok, I have attached my proposed debdiff pa
Hi Guido
Brian wrote in his mail that he had not tried to reproduce the crash.
Quote:
"...although I don't have any exploits test it with."
Best regards
// Ola
On Tue, Aug 23, 2016 at 7:22 AM, Guido Günther wrote:
> On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote:
>> Brian May write
