[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Ruby / OpenSSL security issue
From: |
Leo Famulari |
Subject: |
Re: Ruby / OpenSSL security issue |
Date: |
Tue, 20 Sep 2016 15:05:02 -0400 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
On Tue, Sep 20, 2016 at 03:17:42PM +1000, Ben Woodcroft wrote:
> On 20/09/16 12:06, Leo Famulari wrote:
> > Ruby users,
> >
> > There is a bug report on Ruby's OpenSSL module regarding IV re-use in
> > AES-GCM mode [0].
> >
> > Does anyone volunteer to investigate the bug report and decide what to
> > do about it for our Ruby package?
>
> Thanks for the report Leo. I don't think much can be done about this until
> a fix is released, no? It is unfortunately been around since March on that
> GitHub page, hopefully the report on oss-sec will spur some action.
Okay, do you volunteer to track this bug upstream? :)