oss-sec mailing list archives

Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 13 Nov 2013 00:18:47 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/12/2013 02:47 PM, Josef Šimánek wrote:

Patch prepared to release:

https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7


Perfect

thanks. Please use CVE-2013-4562 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSgyfXAAoJEBYNRVNeJnmTKOQQAKaTmf5r+dKHkB4dYlIxZarP
kX4gbn7GC+RPc7V1tRh3nFvK6XYOScHfNR6Cz14jplmEFyg5wMPYMjv2bgwBclv+
5X403Vg2Sv0eR8bxq9g7anx5cW+Fqi5I/uIaDI/4p/Y8+ACCxZ0wxhP8LfA9VjUU
awi7rlBhZc3vnntwWu9lBxGJH/+5YCyRRpRYeW4W5AiloT7U7i9U4mlw39BYkbcC
LgzNhBzjsopIIXRuGZOuhkXW1lAbB3aQGBBaXoZdKYk1O4OcbQbSOGhzDaom2xkW
9MofWZMAq+z+7CGj4A8OxCuYwdpN0VBZBy0yr/rVUw9ej5sNLLdy7MishLoK2kyZ
3B2zADkXf9J8R4HRlDBJcBI6HBrjabaNPET38aWG+LweNgn4LnBDyq5Sd6XU7rkN
pnvjk1Cou6s97j7oM/YR1L2+CYO55i7xAGa89/vyxxtaBqHIQUgYjfqztovNe5CF
WdtnuS9x+N6g3F183t5Gw1N3pYr+I08GzQwrYkf4QewBWer+3jbC3OHnRmRmjZON
nC2QrluhRCfkeEpJwLgsGjLZT+bcfINVqqU2pZ1KeL1YbtBinFtoxPX5vw5/ILL4
1hjTPVkbmDlTjMVWL2q68ZganEsoAjDdA05Y93vFXgr1Fz9ZrNSh0+aoT1QKTrqY
PH46mQjDliit+5iek3pS
=lfBO
-----END PGP SIGNATURE-----

Current thread:

CVE request: rubygem omniauth-facebook CSRF vurnerability Josef Šimánek (Nov 12)
- Re: CVE request: rubygem omniauth-facebook CSRF vurnerability Kurt Seifried (Nov 12)
- Re: CVE request: rubygem omniauth-facebook CSRF vurnerability Josef Šimánek (Nov 12)
  - Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability Kurt Seifried (Nov 12)