oss-sec mailing list archives
Ruby CVEs
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 19 Mar 2013 01:17:11 -0600
http://direct.osvdb.org/search?search[vuln_title]=ruby&search[text_type]=titles

===================
These 4 are all the ";" URL parsing issues by larry0 () me com
===================
http://direct.osvdb.org/show/osvdb/91450 command_wrap gem
http://direct.osvdb.org/show/osvdb/91232 fastreader gem
http://direct.osvdb.org/show/osvdb/91231 MiniMagic gem
http://direct.osvdb.org/show/osvdb/91230 Curl gem
===================
http://direct.osvdb.org/show/osvdb/90717 fileutils - has CVE-2013-2516 - where did this come from (I assume Mitre?)? Does it cover just this issue or the next 3?
===================
http://direct.osvdb.org/show/osvdb/90718 fileutils gem code exec
http://direct.osvdb.org/show/osvdb/90716 fileutils gem dir creation
http://direct.osvdb.org/show/osvdb/90715 fileutils gem tmp file creation
===================
http://direct.osvdb.org/show/osvdb/90206 typecasting - mysql/etc. - we probably need another long email from steve on how to handle this =)
http://direct.osvdb.org/show/osvdb/89612 gemcutter - Psych YAML parse - do we assign a vuln for psych?
http://direct.osvdb.org/show/osvdb/90946 libxml2 entity expansion *** see Steven's long posting, I need to figure this out yet.

Also am I missing anything else?

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993