Re: Ruby / OpenSSL security issue

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ruby / OpenSSL security issue

From:	Ben Woodcroft
Subject:	Re: Ruby / OpenSSL security issue
Date:	Wed, 21 Sep 2016 11:19:45 +1000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 21/09/16 05:05, Leo Famulari wrote:

On Tue, Sep 20, 2016 at 03:17:42PM +1000, Ben Woodcroft wrote:

On 20/09/16 12:06, Leo Famulari wrote:

Ruby users,

There is a bug report on Ruby's OpenSSL module regarding IV re-use in
AES-GCM mode [0].

Does anyone volunteer to investigate the bug report and decide what to
do about it for our Ruby package?

Thanks for the report Leo.  I don't think much can be done about this until
a fix is released, no? It is unfortunately been around since March on that
GitHub page, hopefully the report on oss-sec will spur some action.

Okay, do you volunteer to track this bug upstream? :)


Sure, OK.
ben

[Prev in Thread]

Current Thread

[Next in Thread]

Ruby / OpenSSL security issue, Leo Famulari, 2016/09/19
- Re: Ruby / OpenSSL security issue, Ben Woodcroft, 2016/09/20
  - Re: Ruby / OpenSSL security issue, Leo Famulari, 2016/09/20
    - Re: Ruby / OpenSSL security issue, Ben Woodcroft <=
    - Re: Ruby / OpenSSL security issue, Leo Famulari, 2016/09/30
    - Re: Ruby / OpenSSL security issue, Ben Woodcroft, 2016/09/30

Prev by Date: Re: [PATCH 23/42] gnu: ghc-fgl: Update to 5.5.3.0.
Next by Date: Re: [PATCH 42/42] gnu: Add darcs.
Previous by thread: Re: Ruby / OpenSSL security issue
Next by thread: Re: Ruby / OpenSSL security issue
Index(es):
- Date
- Thread