Open tarcieri opened 6 years ago
@tarcieri This is the best course of action. I should have done that when the issue was exposed. Thanks for bringing it to my attention.
I've added a comment to your rubysec PR pointing to the issue where the bug was originally reported.
I'll try to open a CVE myself; if I am unable to figure it out, I'll reach out for your help. Thank you.
Awesome, thanks!
Did a CVE ever get assigned to this? If not, can assign one...
@tarcieri, @saghaulor,
As part of my ruby-advisory-db repo work, I would like to offer my help to work with you in applying for a CVE for the Encryptor 2.0.0 issue covered by https://github.com/rubysec/ruby-advisory-db/issues/305 and this issue.
To start this process, I have collected all of the data I could find. It is in a format similar to ruby-advisory-db advisories.
Feel free to use the data or replace it as needed. I will help out as I can.
Thanks
CC: @reedloden @postmodern
I opened a ruby-advisory-db issue for the GCM nonce reuse issue in encryptor 2.0.0:
https://github.com/rubysec/ruby-advisory-db/issues/305
The first step is to obtain a CVE. Are you interested in doing that?
https://iwantacve.org
If not I can get one on your behalf.