oss-sec mailing list archives

Re: CVE Request: various gems in aftermath of rubygem actionpack issue


From: Olivier Gonzalez <gonzoyumo () gmail com>
Date: Sat, 2 Mar 2013 00:19:50 +0100

hi,

this is probably what you're looking for:

crack: https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6  
httparty: https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031
extlib: https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5

Thanks


--  
Olivier Gonzalez


On Friday, 1 March 2013 at 22:47, Kurt Seifried wrote:

On 03/01/2013 09:43 AM, Marcus Meissner wrote:
Hi,
 
I think these rubygem updates have got no CVE entry/ies yet:  
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
 
Or should we use the Rubygem Action Pack CVE ids for it too
(CVE-2013-0156)?
 
Ciao, Marcus
 
I need details before I can assign CVEs for those. Can you maybe
generate diffs that show the code fixes and post them? thanks.
 
 
- --  
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
 
 


