nanog mailing list archives
Re: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
From: Leo Bicknell <bicknell () ufp org>
Date: Wed, 5 Mar 2014 14:21:56 -0600
On Mar 4, 2014, at 9:07 PM, Jay Ashworth <jra () baylink com> wrote:
Is this the *same* bug that just broke in Apple code last week?
No, the Apple bug was the existence of an /extra/ "goto fail;". The GnuTLS bug was that it was /missing/ a "goto fail;". I'm figuring the same developer worked on both, and just put the line in the wrong repository. :) And yes, while this is a joke, Apple fixed their bug by removing a "goto fail;", and GnuTLS fixed theirs by adding a "goto fail;". I can't make up something that funny. https://www.imperialviolet.org/2014/02/22/applebug.html http://blog.existentialize.com/the-story-of-the-gnutls-bug.html -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Fwd: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping Jay Ashworth (Mar 04)
- Re: Fwd: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping Matt Palmer (Mar 04)
- Re: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping Leo Bicknell (Mar 05)