Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: ruby file creation due in insertion of illegal NUL character
From: "U.Nakamura" <usa () garbagecollect jp>
Date: Tue, 16 Oct 2012 09:01:08 +0900

Hello,

In message "Re: [oss-security] CVE request: ruby file creation due in insertion of illegal NUL character"
    on Oct.14,2012 04:48:50, <kseifried () redhat com> wrote:
The fix is located here:

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163

I don't see a CVE name associated with the announcement or commit, so
I don't believe one has been assigned.

Agreed, user controlled file creation in this manner is definitely a
security issue.

Please use CVE-2012-4522 for this issue.

Thank you.

I've added the mention about the CVE number to the announcement
on Ruby Web SIte.


Regards,
-- 
U.Nakamura <usa () garbagecollect jp>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]