Hi Brian After some investigation I found the fix here: https://github.com/matrixssl/matrixssl/commit/57d20a6e85a9cd570884aba686368dd77511d866
This is a very large commit but from https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html it looks like it is the following files that were updated: - crypto/math/pstm.c - crypto/pubkey/dh.c - crypto/pubkey/rsa.c I hope this helps. Best regards // Ola // Ola On Wed, Aug 10, 2016 at 10:34 AM, Brian May <[email protected]> wrote: > Brian May <[email protected]> writes: > >> Had a quick look at the matrixssl security vulnerability. >> >> Unfortunately, finding it difficult to work out which of the upstream >> changes fixes this. > > Was meaning to be more informative here, unfortunately the train I was > travelling on unexpectedly terminated prematurely. > > Here is a complete list of changes in the upstream git: > > 866749e (tag: 3-8-4-open) MatrixSSL 3.8.4 > 458806d MatrixSSL 3.8.4 > a85d4a8 MatrixSSL 3.8.4 > 6db319d MatrixSSL 3.8.4 > 57d20a6 MatrixSSL 3.8.4 > 7a254a8 compile stub main if USE_DTLS not defined > 833e289 added PDF doc > 5d849c6 kramdown compatibility > d6e5786 coverity analyzer fixes > c4ff9f9 clang analyzer fixes > 27c76c7 Coverity scan fixes > 855a6d7 Coverity scan fixes > 5ca20e1 Coverity scan fixes > 464b9af GPLv2 > ac16cf8 Coverity scan fixes > b7583a1 Added badges > de55a7f Attribution > a90e925 (tag: 3-8-3-open) MatrixSSL 3.8.3 Open > 3240fb3 MatrixSSL 3.8.3 Open > 699247e MatrixSSL 3.8.3 Open > d219831 MatrixSSL 3.8.3 Open > 08d42f4 MatrixSSL 3.8.3 Open > 591a069 MatrixSSL 3.8.3 Open > 825dcb0 Added xcode files. > 7e6c0a9 MatrixSSL 3.8.3 Open > 5b09e8e MatrixSSL 3.8.3 Open > 2a11588 comment change > ab51aef Update for latest 3.7.2a release > 9d383e1 New release of MatrixSSL 3.7.2 > 258ee61 Update image url > 21a95e0 Added logo > 1dfc3fe Update README.md > -- > Brian May <[email protected]> > -- --- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Folkebogatan 26 \ | [email protected] 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
