oss-sec mailing list archives
CVE Request: gollum information disclosure vulnerability
From: Dawa Ometto <d.ometto () gmail com>
Date: Sun, 20 Sep 2015 14:34:41 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, A vulnerability has been found in the gollum wiki, which allows attackers to gain read access to arbitrary files on the system. Website: https://github.com/gollum/gollum Affected versions: 4.0.0 and earlier Patched version: 4.0.1 Fix: update the gollum gem by running `gem update gollum` See this commit for the patch: https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1 Please assign a CVE identifier. Thanks in advance, Dawa Ometto -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJV/qfhAAoJEOZ/bElPm95rx8sIAN1//QHUPQEM3Dy3M4zTesTw 72rBxilGPpsb/sCJunekbigW9gVubWrfqmpt7S7RZNW5PTUpspAlgp03Zz6mqhzX PFYAtF4OaQkumGAigI5Ae+4Zd2I0swkzWWi3G8Xhyze6POYQYy2rxsoOJCfV2l/I 3dxKJL9bX23PCc2G3TyOoNr4ctYsjtHLLosUDuoyTYsRgoturUlf1+My+naV9Ccv +JtRkeCCtZ+YsJmnnhxzWp/KtCAVju5xalfDbxPJdYeo40+P8crTjXHzLAfD7zra 6IvdnqX9w3VtfKSWzDmoVIefFa6Mq8na7ojeOWAjKSnLoDimyqzAXkTrMPh13Ds= =DwwE -----END PGP SIGNATURE-----
Current thread:
- CVE Request: gollum information disclosure vulnerability Dawa Ometto (Sep 20)
- Re: CVE Request: gollum information disclosure vulnerability cve-assign (Sep 22)