)]}'
{
  "commit": "4d7ba4e4e57195fcebdabe01489534b446ad02cb",
  "tree": "75f4dad053526ab75d1780737d5842dbd6ec1342",
  "parents": [
    "9f69f139ed1088daabb6525f0c9c34d1e89688f7"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Thu Dec 07 11:07:36 2017 -0500"
  },
  "committer": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Thu Dec 07 19:16:01 2017 +0000"
  },
  "message": "bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.\n\nCredit to OSS-Fuzz for finding this.\n\nCVE-2017-3738\n\n(Imported from upstream\u0027s 5630661aecbea5fe3c4740f5fea744a1f07a6253 and\n77d75993651b63e872244a3256e37967bb3c3e9e.)\n\nConfirmed with Intel SDE that the fix makes the test vector pass and\nthat, without the fix, the test vector does not. (Well, we knew the\nlatter already, since it was our test vector.)\n\n(cherry-picked from 296a61d6007688a1472798879b81517920e35dff)\n\nChange-Id: I167aa3407ddab3b434bacbd18e099c55aa40ac4c\nReviewed-on: https://boringssl-review.googlesource.com/23884\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nReviewed-on: https://boringssl-review.googlesource.com/23924\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "0bb50cdb0a2d14ea2ffcb33312caa8bec4ec14e0",
      "old_mode": 33261,
      "old_path": "crypto/fipsmodule/bn/asm/rsaz-avx2.pl",
      "new_id": "32c21673a2fc319b2790820adb878096a1188d72",
      "new_mode": 33261,
      "new_path": "crypto/fipsmodule/bn/asm/rsaz-avx2.pl"
    },
    {
      "type": "modify",
      "old_id": "c53eb238261d302e88de2ad243adfeaff3221ae8",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/bn/bn_tests.txt",
      "new_id": "ec10889304d7f4db13601e07fa8fa74452c7f60a",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/bn/bn_tests.txt"
    }
  ]
}