Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Sep 2015 09:20:31 -0400
From: Justin Bull <me@...tinbull.ca>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

After working with the vendor maintainers, a fix has been implemented and
released under version 2.0.0 of the software.

Upgrading notes can be found here:
https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md

- --
Best Regards,
Justin Bull
PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQIcBAEBCgAGBQJV+WydAAoJEESFZfv8+htY/AIQAJHS2x/2n2/LYCTuuQ6oLTUL
y4mf6XTV3uSr1/oUNnWZPZ/a5c686GaU2x1yUSy0Sz58ayhpm9JcymA3KhNexOqG
uRb7RUGrLmeg7T//qoq4nf6+kfXQvEw1pSvV0C8mnthh2E3A3PhHA5L3XWT2cAnC
i3v6nLR53fXCepWOdzDtCRoxlvEEbM82q6RSC49pSqWiDyGzwjMV820EnUI4TqZw
cXGlaTUkBLUXTFG8fIFve9NruYiIVKAgaFrFIYhmhhAbVWc30zaMMFZdOvhGORIV
agjpscsPfwO/h+GPH7U1yD/nFAXln+vMukOcT/II+cXZoHMRmvtsgHbVoa3LHLKd
xH7xQv79u4V1sV+EFsi2KaqUq31inzWYOqi/QkDdbavNDtNl1ELVJjuv1PuhJTXz
pgLp54DUTlboqsKrsftYoKACsdbspuSzWDdttZfZrDxNNcgtJwpPBoMcZO1cDGUy
UQR0sGkfNmMtBxQBHvJKab7opoqfvZDmqlO9HjQxhm3sgHECQU9sFI+OPWx2fHkE
B8OIHkKZMUsfqUorJfacwSXZSt5jKxAIuNbJ5XW8DlK/gKCbRSl2YgdTzJ45txlh
r1tybDrlJRs9CGGJQ2PzFW/oPR7+KLKYHy1cEnleeORqaobsQVZPG8k7Fqt9eNOV
i6en/R8DgQTrohFjgWIn
=2Dd7
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ