oss-sec mailing list archives
Re: CVE request: ruby information disclosure
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 10 Mar 2008 08:35:12 +0100
On Sun, 09 Mar 2008 17:18:04 -0800 Jonathan Smith <smithj () freethemallocs com> wrote:
Gentoo has an open bug [1] indicating a minor information disclosure issue in ruby. They also sortof indicate that there has been a CVE request, but I can't find it anywhere. So either consider this a request or a ping on an existing request :) rPath also has an issue [2] if you need references. [1]: https://bugs.gentoo.org/show_bug.cgi?id=212264 [2]: https://issues.rpath.com/browse/RPL-2338
CVE-2008-1145 http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ for better reference. Check NVD site [1], as CVE descriptions frequently appear there hours to days earlier than on CVE site. [1] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1145 -- Tomas Hoger Red Hat Security Response Team
Current thread:
- CVE request: ruby information disclosure Jonathan Smith (Mar 09)
- Re: CVE request: ruby information disclosure Tomas Hoger (Mar 10)