oss-sec mailing list archives
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)
From: Reed Loden <reed () reedloden com>
Date: Fri, 11 Jan 2013 00:11:14 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 11 Jan 2013 00:52:38 -0700 Kurt Seifried <kseifried () redhat com> wrote:
On 01/10/2013 05:56 PM, Reed Loden wrote:Apparently, the multi_xml ruby gem has the same issue as CVE-2013-0156.
...
These appear to be slightly different code bases, and in any event to prevent confusion I'm assigning it a separate CVE to prevent confusion since Ruby on Rails = 100% usage basically and multi_xml = > 100% (probably a whole lot less). Please use CVE-2013-0175 for this issue in the multi_xml ruby gem.
Thanks! multi_xml 0.5.2 was just released with the fix. https://rubygems.org/gems/multi_xml/versions/0.5.2 ~reed -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlDvySIACgkQa6IiJvPDPVpZAwCfU8xU8qDKM6vFjRWv6lus9FFf vaoAn1xEdqfElznfOoFRAxNquF9dwXEI =9u/F -----END PGP SIGNATURE-----
Current thread:
- CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 10)
- Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried (Jan 10)
- Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 11)
- Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried (Jan 10)