oss-sec mailing list archives
Re: CVE Request: various gems in aftermath of rubygem actionpack issue
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 02 Mar 2013 01:26:06 -0700
On 03/01/2013 04:19 PM, Olivier Gonzalez wrote:
> hi, this is probably what you're looking for:

Perfect, that's exactly what I need

> crack: https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6

Please use CVE-2013-1800 for this issue.

> httparty: https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031

Please use CVE-2013-1801 for this issue.

> extlib: https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5

Please use CVE-2013-1802 for this issue.

> Thanks

No, thank you!
> --
> Olivier Gonzalez
>
> On Friday, 1 March 2013 at 22:47, Kurt Seifried wrote:
>> On 03/01/2013 09:43 AM, Marcus Meissner wrote:
>>> Hi,
>>>
>>> I think these rubygem updates have got no CVE entry/ies yet:
>>> https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
>>>
>>> Or should we use the Rubygem Action Pack CVE ids for it too (CVE-2013-0156)?
>>>
>>> Ciao, Marcus
>>
>> I need details before I can assign CVEs for those. Can you maybe generate diffs that show the code fixes and post them? thanks.
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993