Re: Ruby / OpenSSL security issue

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ruby / OpenSSL security issue

From:	Leo Famulari
Subject:	Re: Ruby / OpenSSL security issue
Date:	Fri, 30 Sep 2016 13:32:05 -0400
User-agent:	Mutt/1.7.0 (2016-08-17)

On Wed, Sep 21, 2016 at 11:19:45AM +1000, Ben Woodcroft wrote:
> On 21/09/16 05:05, Leo Famulari wrote:
> > On Tue, Sep 20, 2016 at 03:17:42PM +1000, Ben Woodcroft wrote:
> > > On 20/09/16 12:06, Leo Famulari wrote:
> > > > Ruby users,
> > > > 
> > > > There is a bug report on Ruby's OpenSSL module regarding IV re-use in
> > > > AES-GCM mode [0].
> > > > 
> > > > Does anyone volunteer to investigate the bug report and decide what to
> > > > do about it for our Ruby package?
> > > Thanks for the report Leo.  I don't think much can be done about this 
> > > until
> > > a fix is released, no? It is unfortunately been around since March on that
> > > GitHub page, hopefully the report on oss-sec will spur some action.
> > Okay, do you volunteer to track this bug upstream? :)
> 
> Sure, OK.

Ping :)

The Ruby developers have committed a fix, apparently:

http://seclists.org/oss-sec/2016/q3/680

[Prev in Thread]

Current Thread

[Next in Thread]

Ruby / OpenSSL security issue, Leo Famulari, 2016/09/19
- Re: Ruby / OpenSSL security issue, Ben Woodcroft, 2016/09/20
  - Re: Ruby / OpenSSL security issue, Leo Famulari, 2016/09/20
    - Re: Ruby / OpenSSL security issue, Ben Woodcroft, 2016/09/20
    - Re: Ruby / OpenSSL security issue, Leo Famulari <=
    - Re: Ruby / OpenSSL security issue, Ben Woodcroft, 2016/09/30

Prev by Date: Bash 4.4 upgrade
Next by Date: Re: Bash 4.4 upgrade
Previous by thread: Re: Ruby / OpenSSL security issue
Next by thread: Re: Ruby / OpenSSL security issue
Index(es):
- Date
- Thread