oss-sec mailing list archives
Re: CVE request: ruby on rails flaws (4)
From: Josh Bressers <bressers () redhat com>
Date: Mon, 22 Aug 2011 16:26:26 -0400 (EDT)
----- Original Message -----
Sorry, there is one more flaw that needs a CVE assignment: Response splitting flaw in 2.3.x (3.0.0 and later not affected). http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768 https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9 https://bugzilla.redhat.com/show_bug.cgi?id=732156
Use CVE-2011-3186
Thanks.
--
JB
Current thread:
- CVE request: ruby on rails flaws (4) Vincent Danen (Aug 17)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 19)
- Re: CVE request: ruby on rails flaws (4) Vincent Danen (Aug 19)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
- Re: CVE request: ruby on rails flaws (4) Matthias Weckbecker (Aug 22)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
- Re: CVE request: ruby on rails flaws (4) Vincent Danen (Aug 19)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 19)