On Tue, Sep 20, 2016 at 03:17:42PM +1000, Ben Woodcroft wrote: > On 20/09/16 12:06, Leo Famulari wrote: > > Ruby users, > > > > There is a bug report on Ruby's OpenSSL module regarding IV re-use in > > AES-GCM mode [0]. > > > > Does anyone volunteer to investigate the bug report and decide what to > > do about it for our Ruby package? > > Thanks for the report Leo. I don't think much can be done about this until > a fix is released, no? It is unfortunately been around since March on that > GitHub page, hopefully the report on oss-sec will spur some action.
Okay, do you volunteer to track this bug upstream? :)
