|
From: | Ben Woodcroft |
Subject: | Re: Ruby / OpenSSL security issue |
Date: | Tue, 20 Sep 2016 15:17:42 +1000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 20/09/16 12:06, Leo Famulari wrote:
Ruby users, There is a bug report on Ruby's OpenSSL module regarding IV re-use in AES-GCM mode [0]. Does anyone volunteer to investigate the bug report and decide what to do about it for our Ruby package?
Thanks for the report Leo. I don't think much can be done about this until a fix is released, no? It is unfortunately been around since March on that GitHub page, hopefully the report on oss-sec will spur some action.
ben
[Prev in Thread] | Current Thread | [Next in Thread] |