oss-sec mailing list archives

Ruby CVEs


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 19 Mar 2013 01:17:11 -0600


http://direct.osvdb.org/search?search[vuln_title]=ruby&search[text_type]=titles


===================
These 4 are all the ";" URL parsing issues by larry0 () me com
===================
http://direct.osvdb.org/show/osvdb/91450
command_wrap gem

http://direct.osvdb.org/show/osvdb/91232
fastreader gem

http://direct.osvdb.org/show/osvdb/91231
MiniMagic gem

http://direct.osvdb.org/show/osvdb/91230
Curl gem


===================
http://direct.osvdb.org/show/osvdb/90717
fileutils - has CVE-2013-2516 - where did this come from (I assume
Mitre?)? Does it cover just this issue or the next 3?
===================

http://direct.osvdb.org/show/osvdb/90718
fileutils gem
code exec

http://direct.osvdb.org/show/osvdb/90716
fileutils gem
dir creation

http://direct.osvdb.org/show/osvdb/90715
fileutils gem
tmp file creation
===================

http://direct.osvdb.org/show/osvdb/90206
typecasting - mysql/etc. - we probably need another long email from
Steve on how to handle this =)

http://direct.osvdb.org/show/osvdb/89612
gemcutter - Psych YAML parse - do we assign a vuln for psych?

http://direct.osvdb.org/show/osvdb/90946
libxml2 entity expansion *** see Steven's long posting, I need to
figure this out yet.

Also am I missing anything else?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993