Leo Famulari <l...@famulari.name> skribis: > Some bugs in OpenSSL were recently disclosed. > > CVE-2016-2177 > http://seclists.org/oss-sec/2016/q2/500 > > CVE-2016-2178 > http://seclists.org/oss-sec/2016/q2/493 > > The second bug can apparently be used by an attacker to recover DSA > keys. And remember that OpenSSH uses OpenSSL, so it is affected too. > > Should we try cherry-picking the upstream commits from the OpenSSL > development repo?
Sounds like it. Could you look into it? Thanks for the heads-up! Ludo’.
