Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/10/2013 05:56 PM, Reed Loden wrote:
> Apparently, the multi_xml ruby gem has the same issue as
> CVE-2013-0156.
>
> Can a new CVE be assigned to track it specifically as well, or
> would policy dictate that this issue be considered part of the
> original CVE?
>
> https://gist.github.com/d7f6d9f4925f413621aa 
> https://github.com/sferik/multi_xml/pull/34 
> https://news.ycombinator.com/item?id=5040457
>
> ~reed

These appear to be slightly different code bases, and in any event to
prevent confusion I'm assigning it a separate CVE to prevent confusion
since Ruby on Rails = 100% usage basically and multi_xml = > 100%
(probably a whole lot less).

Please use CVE-2013-0175 for this issue in the multi_xml ruby gem.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ78TGAAoJEBYNRVNeJnmTeN8P/RlSMjTZCtmy2AfWWgMHPW8k
ico/Z77pOL9Mvlh8xTLemFTymaVubnF2YNlaZFFxYRvmlObf/Ci1E6Qy8tf0Ik9H
QUHeiXFvV+km6tKn3ieN3smUhtGRn/zUGyZEz2g0pBeSqCdl+5XUdVN2dB1NXmU0
eZvuvtpCcVkyAJ9r+5g5Qv3+tqZn/7jKzjGrUGAQaw2dkgy2Sl4J0I6aKN1dyvBF
YnifZCmexnvxSbVXRVJ7uNx2k8fBwcWmF3YAg5/bqSLrVBr5Bq4daCTXIgSal0WG
boiAMofD2GMDGBeAn5xvjfnHTuVAB34L0P0C+P0NUUOwLLigJ4XfKfAeWBOqUQkg
Ugk6ABEjlg6PLsz1+xe8ZwggAyaBg05hGD6azZfZ02EeOxhrTew5M/NT6jrp2CHh
42YLKfYnEkfJQIWyOS/Yu7h0vAauvsdm64SvQhjhsNOJ4HGobrcQrj4DYayOQMK5
WeTe81JDXokOf3RqdYc79AIeh2sJBGOiceoVwhjuIriJ51PgH4LXMcFUMTtwIOZg
7efx8+fGMqTZxVEzWZPssg2vZl0eZTLc2fAXepmDf0DAie1MH8POcU+5ePQEpIfe
22nLWzk86Pm2Pzw8yBJiw7Y9vezdne9MRXOhNSDZaALaIJny4LMPDZC31T2KZqOO
9p6Mqs1REqiKMSDgvXun
=f+4c
-----END PGP SIGNATURE-----