oss-sec mailing list archives

CVE Request: gollum information disclosure vulnerability


From: Dawa Ometto <d.ometto () gmail com>
Date: Sun, 20 Sep 2015 14:34:41 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

A vulnerability has been found in the gollum wiki, which allows
attackers to gain read access to arbitrary files on the system.

Website: https://github.com/gollum/gollum
Affected versions: 4.0.0 and earlier
Patched version: 4.0.1
Fix: update the gollum gem by running `gem update gollum`

See this commit for the patch:
https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1

Please assign a CVE identifier.

Thanks in advance,

Dawa Ometto

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

-----END PGP SIGNATURE-----

