oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: ruby file creation due in insertion of illegal NUL character

From: "U.Nakamura" <usa () garbagecollect jp>
Date: Tue, 16 Oct 2012 09:01:08 +0900
Hello,

In message "Re: [oss-security] CVE request: ruby file creation due in insertion of illegal NUL character"
    on Oct.14,2012 04:48:50, <kseifried () redhat com> wrote:

The fix is located here:

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163

I don't see a CVE name associated with the announcement or commit, so
I don't believe one has been assigned.


Agreed, user controlled file creation in this manner is definitely a
security issue.

Please use CVE-2012-4522 for this issue.


Thank you.

I've added the mention about the CVE number to the announcement
on Ruby Web SIte.


Regards,
-- 
U.Nakamura <usa () garbagecollect jp>
Previous By Date Next
Previous By Thread Next

Current thread: