[ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

• Previous message (by thread): [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
• Next message (by thread): [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mar 4, 2014, at 9:07 PM, Jay Ashworth <jra at baylink.com> wrote:

> Is this the *same* bug that just broke in Apple code last week?

No, the Apple bug was the existence of an /extra/ "goto fail;".

The GnuTLS bug was that it was /missing/ a "goto fail;".

I'm figuring the same developer worked on both, and just put the line in the wrong repository. :)




And yes, while this is a joke, Apple fixed their bug by removing a "goto fail;", and GnuTLS fixed theirs by adding a "goto fail;".  I can't make up something that funny.

https://www.imperialviolet.org/2014/02/22/applebug.html
http://blog.existentialize.com/the-story-of-the-gnutls-bug.html

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 793 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140305/83849c2a/attachment.sig>

• Previous message (by thread): [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
• Next message (by thread): [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]