On Sun, Dec 22, 2013 at 07:14:00PM +0100, Kurt Roeckx wrote: > On Sun, Dec 22, 2013 at 12:25:16AM +0100, Kurt Roeckx wrote: > > But I'm also thinking about at least #732710 > > > > There are also things like: > > Author: Dr. Stephen Henson <st...@openssl.org> > > Date: Mon Sep 16 05:23:44 2013 +0100 > > > > Disable Dual EC DRBG. > > > > Return an error if an attempt is made to enable the Dual EC DRBG: it > > is not used by default. > > > > And there is a whole bunch of other things I want to get fixed but > > which are less important. > > And then this just appeared in git too: > commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b > Author: Dr. Stephen Henson <st...@openssl.org> > Date: Fri Dec 20 15:26:50 2013 +0000 > > Fix DTLS retransmission from previous session. > > For DTLS we might need to retransmit messages from the previous session > so keep a copy of write context in DTLS retransmission buffers instead > of replacing it after sending CCS. CVE-2013-6450.
So after looking at things, I have about 25 patches I'd like to move to testing. For security I would like to have the following: - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + ca989269a2876bae79393bd54c3e72d49975fc75 - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184 - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d Kurt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
