On 01/02/17 00:29, Kurt Roeckx wrote: > On Tue, Jan 31, 2017 at 11:13:55PM +0100, Emilio Pozuelo Monfort wrote: >> Hi Kurt, >> >> I have prepared an update of openssl for wheezy based on 1.0.1t-1+deb8u6. I >> have >> done some smoke testing on it and it seems fine, but I haven't been able to >> verify the three fixes as I can't find exploits for them (there is mention of >> one for CVE-2016-8610 in [1] but I can't find the actual file). >> >> Do you have any suggestion for how to verify / test the update? >> >> Do you want to upload this or should I take care of it? > > Feel free to upload this. > > The usptream version in jessie and wheezy, so the patches should > just apply. > > I only have a test for the 32 bit crashes. It would require to get > the fuzzers working in the 1.0.1 version, which should be that > hard. > > The other would be a cache timing attack, and I really have no > good way to test that. > > I suggest you just upload it.
Thanks, I have uploaded it. Cheers, Emilio
