oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: rubygems insecure download (and other problems)

From: Henri Salo <henri () nerv fi>
Date: Thu, 15 Aug 2013 11:46:57 +0300
On Thu, Aug 15, 2013 at 10:37:45AM +0200, Marcus Meissner wrote:

So the implicit assumption "installing gems is secure" is violated here, which would
require a CVE I think.

Ciao, Marcus


This deserves CVE. There is already CVEs for similar issues. CVE per software if
I am correct not one CVE for all similar issues.

Kurt, comments?

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

Previous By Date Next
Previous By Thread Next

Current thread: