Re: Vulnerability Reported in my Ruby Gem

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/08/2013 11:21 AM, richard schneeman wrote:
> I'm interested in creating a CVE for this issue and came to this
> mailing list from this link: 
> http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
>
>  I maintain the ruby gem 'wicked' (roughly 100k downloads). A
> vulnerability has been reported allowing an attacker to read
> arbitrary files on a system.
>
> All previously released versions are vulnerable. Version 1.0.1 has
> been released with the problem patched.
>
> Email: richard.schneeman () gmail com Software Name: Wicked gem
>
> Commit of fix: 
> https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53
>
>
>
> Please let me know if you need more information or if this is the
> wrong forum for this type of a request
>
> -- Richard Schneeman

Please use CVE-2013-4413 for this issue. Thanks for the perfectly
formatted request =).

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSVYz0AAoJEBYNRVNeJnmTCW8P/2oH7oWjyKPcrR3NKOqX50Xd
pRXVOu24OBKYqFMOo2SDScat6xRKZ6U25/zxxUorTfr65oy+i05Jbdoe8lTcpZYR
J8EEKscWX97lbsb92bnZNrnKmdj8xGrUrkha/rjD/ZF0kApmL5vGxo3h8hMmiZiY
SIscO2PwKIAXiVcOxDb1cm9ipTSmWh0otuKVwlq5Smsexp8cQkNSCiOYPG4zahmK
NVnkR30WuHUoNKgMj1sQTbq0Mua9RP9Yz1c+2s8UtSf/VZ1yQ2r8SgsxFL04R0EA
2ydV40FocnywYTnbtKOSayiDmhYfICLQ8EbgCoUSgXGZM84xEf4CfswIW3GqKNZh
6GJTaMf5Cf3djXLcSlpMHVjeARR7MZlrxZ4aBycEtaazmpD6GHhFNrUfX/LxIlEy
9hhcvQF4UMYlnzIGAMbACjo8VfLIMrbZXSwyyOdsCDjnQPdzCkzOY1rpQpwi5V5L
m2NBdcNmVSS1aX96v86Alkwi0DJ8ijgWdUfrS4IqtL6TVjGYVJCwalIF3PxLYQQX
VfqjGO0tCkieFGtqW/YYxe5ObMS2y3upZ8pcwOSlxtME+vMjC2uu4o3sp9Y2Pa+p
C3Ad8JI4tRM6kWuVqr6Z3YZlpOT9LSSbA/DH5tDcgd5AnH8kPl6h0IwtXRGnUuhp
u9AWES7iBp3OBE3T0Lqd
=Puw9
-----END PGP SIGNATURE-----