[DRE-maint] Bug#742706: ruby-net-ldap: CVE-2014-0083

Jonas Genannt jonas at brachium-system.net
Fri Mar 28 18:49:18 UTC 2014


Hello Moritz,

thanks for your report. I have checked the version in Debian, and I think they are not
affected by this SSHA salt problem:


http://anonscm.debian.org/gitweb/?p=pkg-ruby-extras/ruby-net-ldap.git;a=blob;f=lib/net/ldap/password.rb;h=503c7fe6b30870a7a33890f74b1da060cff40399;hb=HEAD

Upstream (newer version) with SSHA:
	https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap/password.rb

I think we can close the bug?

Greets,
	Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20140328/db6723e9/attachment.sig>


More information about the Pkg-ruby-extras-maintainers mailing list