oss-sec mailing list archives
Re: CVE Request: various gems in aftermath of rubygem actionpack issue
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 01 Mar 2013 14:47:09 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/01/2013 09:43 AM, Marcus Meissner wrote:
Hi, I think these rubygem updates have got no CVE entry/ies yet: https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately Or should we use the Rubygem Action Pack CVE ids for it too (CVE-2013-0156)? Ciao, Marcus
I need details before I can assign CVEs for those. Can you maybe generate diffs that show the code fixes and post them? thanks. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRMSHdAAoJEBYNRVNeJnmT++EQAMFrGA3xK63k8hnei6SlCbzr 4NtLcwXMMbDLGiqUQU85TVwLZoqpCvD2AYee6BmvpFLMQK4x8MjS5fzqo2sU7ziO Q53nIed/brfvdC8b7Y0PnetIuH9wjS1zN7vwLrQAPuadH8jLvpYLE18daw7Yhg1R EHR8ZsFp4tt3zBAGHOATvHgZYUl235ZfJHf4YNy8kbNABgqkz7/h4/UdB8iW6oXO aQzV18Ote93+Zr0YB6TKBhKanCVOP06mX/QO8M5UpF8EGlci71pODy/VQdC9hfTn HEXYgr9zLTqItk//5xDKss1mjYg6+uTD50isO6vST/zpdK/K5pFehfRRN7dTb+7B XppJehNxJdtRxy4JRGBgbMjYydsrXKqkD2knOcBOCSm7bZ/UYYq4kdsiZrkrUHxs 3QFidLOiOwxn0S5HrAmSYfpQ4KAnX9TzMZqjxAuvj4ehaGg12NsoU3uxC8YC53Nz woCBC3vAvx/C0WdVviLEkPSMfFh25fGlBR/B1ViNnYMrBEVKnyISVBhIdPqRyno2 xHrvj0/Y19CCMLyHEIli4JnPlW1AwbkxAj88G82p/24HEB3VP8Bx0lQHyieTGm5E I2s1XxraGAqB+mn1i4EAQax3p0FoC4uU9rkd7FGefl0O9hMETafROLEsX7lSiB0B cp/rdxYeZrSB44XUjqOd =DtfD -----END PGP SIGNATURE-----
Current thread:
- CVE Request: various gems in aftermath of rubygem actionpack issue Marcus Meissner (Mar 01)
- Re: CVE Request: various gems in aftermath of rubygem actionpack issue Reed Loden (Mar 01)
- Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried (Mar 01)
- Re: CVE Request: various gems in aftermath of rubygem actionpack issue Olivier Gonzalez (Mar 01)
- Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried (Mar 02)
- Re: CVE Request: various gems in aftermath of rubygem actionpack issue Olivier Gonzalez (Mar 01)