Re: Ruby / OpenSSL security issue

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ruby / OpenSSL security issue

From:	Ben Woodcroft
Subject:	Re: Ruby / OpenSSL security issue
Date:	Tue, 20 Sep 2016 15:17:42 +1000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0



On 20/09/16 12:06, Leo Famulari wrote:

Ruby users,

There is a bug report on Ruby's OpenSSL module regarding IV re-use in
AES-GCM mode [0].

Does anyone volunteer to investigate the bug report and decide what to
do about it for our Ruby package?

Thanks for the report Leo. I don't think much can be done about thisuntil a fix is released, no? It is unfortunately been around since Marchon that GitHub page, hopefully the report on oss-sec will spur some action.

ben

[Prev in Thread]

Current Thread

[Next in Thread]

Ruby / OpenSSL security issue, Leo Famulari, 2016/09/19
- Re: Ruby / OpenSSL security issue, Ben Woodcroft <=
  - Re: Ruby / OpenSSL security issue, Leo Famulari, 2016/09/20
    - Re: Ruby / OpenSSL security issue, Ben Woodcroft, 2016/09/20
    - Re: Ruby / OpenSSL security issue, Leo Famulari, 2016/09/30
    - Re: Ruby / OpenSSL security issue, Ben Woodcroft, 2016/09/30

Prev by Date: [PATCH 2/2] gnu: perl: Enable threading support.
Next by Date: Re: [Patch 1/10] Add pjproject.
Previous by thread: Ruby / OpenSSL security issue
Next by thread: Re: Ruby / OpenSSL security issue
Index(es):
- Date
- Thread