oss-sec mailing list archives
Re: rubygems insecure download (and other problems)
From: Henri Salo <henri () nerv fi>
Date: Thu, 15 Aug 2013 11:46:57 +0300
On Thu, Aug 15, 2013 at 10:37:45AM +0200, Marcus Meissner wrote:
So the implicit assumption "installing gems is secure" is violated here, which would require a CVE I think. Ciao, Marcus
This deserves CVE. There is already CVEs for similar issues. CVE per software if I am correct not one CVE for all similar issues. Kurt, comments? --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- rubygems insecure download (and other problems) Kurt Seifried (Aug 14)
- Re: rubygems insecure download (and other problems) Donald Stufft (Aug 14)
- Re: rubygems insecure download (and other problems) Marcus Meissner (Aug 15)
- Re: rubygems insecure download (and other problems) Henri Salo (Aug 15)
- Re: rubygems insecure download (and other problems) Kurt Seifried (Aug 15)
- RE: rubygems insecure download (and other problems) Christey, Steven M. (Aug 15)
- Re: rubygems insecure download (and other problems) Marcus Meissner (Aug 15)
- Re: rubygems insecure download (and other problems) Donald Stufft (Aug 14)
- Re: HTTPS (was: rubygems insecure download (and other problems)) gremlin (Aug 14)
- Re: HTTPS (was: rubygems insecure download (and other problems)) Donald Stufft (Aug 14)
- Re: HTTPS (was: rubygems insecure download (and other problems)) Pavel Labushev (Aug 16)
- Message not available
- Re: HTTPS Kurt Seifried (Aug 21)
- Re: HTTPS Pavel Labushev (Aug 22)
- Re: HTTPS (was: rubygems insecure download (and other problems)) Donald Stufft (Aug 14)