Bug#842432: ruby2.3: CVE-2016-7798: IV Reuse in GCM Mode

Moritz Mühlenhoff Sun, 28 May 2017 04:09:37 -0700

On Thu, Jan 05, 2017 at 08:08:14PM +0100, Salvatore Bonaccorso wrote:
> Hi Christian,
> 
> On Wed, Nov 16, 2016 at 02:48:03AM +0100, Christian Hofstaedtler wrote:
> > Hi,
> > 
> > * Salvatore Bonaccorso <car...@debian.org> [161116 01:46]:
> > > Source: ruby2.3
> > > [...]
> > > [0] https://security-tracker.debian.org/tracker/CVE-2016-7798
> > > [1] https://github.com/ruby/openssl/issues/49
> > > [2] 
> > > https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062
> > 
> > I'm attaching a potential patch against ruby2.3 2.3.2. Any review
> > would be most welcome.
> 
> The patch looks sane to me. Do you have any chance to let it review
> from upstream for the 2.3 version? Antonio?


What's the status?

Cheers,
        Moritz

Bug#842432: ruby2.3: CVE-2016-7798: IV Reuse in GCM Mode

Reply via email to