Date: Thu, 13 Feb 2014 11:44:49 -0500 From: Red Hat Security Response Team <secalert@redhat.com> To: pierre.carrier@airbnb.com Cc: bugbusters@freebsd.org, product.security@airbnb.com, pkgsrc-security@netbsd.org, rory@berecruited.com Subject: [engineering.redhat.com #278019] Insufficient salting in the net-ldap Ruby gem Message-ID: <rt-4.0.13-9525-1392309889-548.278019-5-0@engineering.redhat.com> In-Reply-To: <rt-4.0.13-15902-1392275475-1306.278019-5-0@engineering.redhat.com> References: <RT-Ticket-278019@engineering.redhat.com> <CAM7LUF4MuEJ0DWKhDZ=P=Z7HME_F18a8K4LeSehccmPQP8xHpg@mail.gmail.com> <rt-4.0.13-24394-1392271280-1668.278019-5-0@engineering.redhat.com> <CAM7LUF5dpkTOacFRtk9UErsq5sp_UnzRLCrEsdQtpKwEWU232w@mail.gmail.com> <rt-4.0.13-15902-1392275475-1306.278019-5-0@engineering.redhat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu Feb 13 00:11:15 2014, pierre.carrier@airbnb.com wrote: > On Wed, Feb 12, 2014 at 10:01 PM, Red Hat Security Response Team > <secalert@redhat.com> wrote: > > Please use CVE-2014-0083 for this issue. Also can an issue be opened > upstream if it hasn't already been done? Thanks. > > My understanding from a naive search is that the current active > project is github.com/ruby-ldap/ruby-net-ldap, and > rory@berecruited.com has been merging all pull requests there in > recent times, so I included them in the original email as the presumed > current upstream. > Excellent, thanks. Also can someone post this to oss-security? I suspect quite a few people are using this gem. If needed I can do the posting. -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?rt-4.0.13-9525-1392309889-548.278019-5-0>