[engineering.redhat.com #278019] Insufficient salting in the net-ldap Ruby gem

Red Hat Security Response Team secalert at redhat.com
Thu Feb 13 16:44:58 UTC 2014

On Thu Feb 13 00:11:15 2014, pierre.carrier at airbnb.com wrote:
> On Wed, Feb 12, 2014 at 10:01 PM, Red Hat Security Response Team
> <secalert at redhat.com> wrote:
> > Please use CVE-2014-0083 for this issue. Also can an issue be opened
> upstream if it hasn't already been done? Thanks.
> My understanding from a naive search is that the current active
> project is github.com/ruby-ldap/ruby-net-ldap, and
> rory at berecruited.com has been merging all pull requests there in
> recent times, so I included them in the original email as the presumed
> current upstream.

Excellent, thanks. Also can someone post this to oss-security? I suspect quite a few people are using this gem. If needed I can do the posting. 

Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

More information about the freebsd-bugbusters mailing list