[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
- Subject: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
- From: bicknell at ufp.org (Leo Bicknell)
- Date: Wed, 5 Mar 2014 14:21:56 -0600
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Mar 4, 2014, at 9:07 PM, Jay Ashworth <jra at baylink.com> wrote:
> Is this the *same* bug that just broke in Apple code last week?
No, the Apple bug was the existence of an /extra/ "goto fail;".
The GnuTLS bug was that it was /missing/ a "goto fail;".
I'm figuring the same developer worked on both, and just put the line in the wrong repository. :)
And yes, while this is a joke, Apple fixed their bug by removing a "goto fail;", and GnuTLS fixed theirs by adding a "goto fail;". I can't make up something that funny.
https://www.imperialviolet.org/2014/02/22/applebug.html
http://blog.existentialize.com/the-story-of-the-gnutls-bug.html
--
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 793 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140305/83849c2a/attachment.bin>