oss-sec mailing list archives

Re: CVE request: ruby information disclosure

From: Tomas Hoger <thoger () redhat com>
Date: Mon, 10 Mar 2008 08:35:12 +0100

On Sun, 09 Mar 2008 17:18:04 -0800 Jonathan Smith
<smithj () freethemallocs com> wrote:

Gentoo has an open bug [1] indicating a minor information disclosure
issue in ruby. They also sortof indicate that there has been a CVE
request, but I can't find it anywhere. So either consider this a
request or a ping on an existing request :)

rPath also has an issue [2] if you need references.

[1]: https://bugs.gentoo.org/show_bug.cgi?id=212264
[2]: https://issues.rpath.com/browse/RPL-2338


CVE-2008-1145

http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
for better reference.

Check NVD site [1], as CVE descriptions frequently appear there hours to
days earlier than on CVE site.

[1] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1145

-- 
Tomas Hoger
Red Hat Security Response Team

Current thread:

CVE request: ruby information disclosure Jonathan Smith (Mar 09)
- Re: CVE request: ruby information disclosure Tomas Hoger (Mar 10)