On 20/09/16 12:06, Leo Famulari wrote:
Ruby users,

There is a bug report on Ruby's OpenSSL module regarding IV re-use in
AES-GCM mode [0].

Does anyone volunteer to investigate the bug report and decide what to
do about it for our Ruby package?

Thanks for the report Leo. I don't think much can be done about this until a fix is released, no? It is unfortunately been around since March on that GitHub page, hopefully the report on oss-sec will spur some action.


Reply via email to