CVE for encryptor 2.0.0 #30
Comments
|
@tarcieri This is the best course of action. I should have done that when the issue was exposed. Thanks for bringing it to my attention. I've added a comment to your rubysec PR pointing to the issue where the bug was originally reported. I'll try to open a CVE myself, if I am unable to figure it out I'll reach out for you help. Thank you. |
|
Awesome, thanks! |
|
Did a CVE ever get assigned to this? If not, can assign one... |
|
As part of my ruby-advisory-db repo work, I would like to offer my help to work with you in applying for a CVE for the Encryptor 2.0.0 issue covered by rubysec/ruby-advisory-db#305 and this issue. To start this process, I have collected all of the data I could find. It is in a format similar to ruby-advisory-db advisories. Feel free to use the data or replace it as needed. I will help out as I can. Thanks |
I opened a ruby-advisory-db issue for the GCM nonce reuse issue in encryptor 2.0.0:
rubysec/ruby-advisory-db#305
The first step is to obtain a CVE. Are you interested in doing that?
https://iwantacve.org
If not I can get one on your behalf.
The text was updated successfully, but these errors were encountered: