From: Pierre Carrier
Date: Wed, 12 Feb 2014 23:10:49 -0800
Subject: Re: [engineering.redhat.com #278019] Insufficient salting in the net-ldap Ruby gem
To: secalert
Cc: bugbusters, product.security@airbnb.com, pkgsrc-security, Rory O'Connell
X-BeenThere: freebsd-bugbusters@freebsd.org

On Wed, Feb 12, 2014 at 10:01 PM, Red Hat Security Response Team wrote:
> Please use CVE-2014-0083 for this issue. Also can an issue be opened
> upstream if it hasn't already been done? Thanks.

My understanding from a naive search is that the current active
project is github.com/ruby-ldap/ruby-net-ldap, and
rory@berecruited.com has been merging all pull requests there in
recent times, so I included them in the original email as the presumed
current upstream.

--
Pierre