oss-sec mailing list archives
Re: Vulnerability Reported in my Ruby Gem
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 09 Oct 2013 11:05:57 -0600
On 10/08/2013 11:21 AM, richard schneeman wrote:
> I'm interested in creating a CVE for this issue and came to this mailing list from this link:
> http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
>
> I maintain the ruby gem 'wicked' (roughly 100k downloads). A vulnerability has been reported allowing an attacker to read arbitrary files on a system. All previously released versions are vulnerable. Version 1.0.1 has been released with the problem patched.
>
> Email: richard.schneeman () gmail com
> Software Name: Wicked gem
> Commit of fix: https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53
>
> Please let me know if you need more information or if this is the wrong forum for this type of a request
>
> --
> Richard Schneeman

Please use CVE-2013-4413 for this issue.

Thanks for the perfectly formatted request =).

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993