mailing list archives
Re: CVE request: ruby file creation due in insertion of illegal NUL character
From: "U.Nakamura" <usa () garbagecollect jp>
Date: Tue, 16 Oct 2012 09:01:08 +0900
In message "Re: [oss-security] CVE request: ruby file creation due in insertion of illegal NUL character"
on Oct.14,2012 04:48:50, <kseifried () redhat com> wrote:
The fix is located here:
I don't see a CVE name associated with the announcement or commit, so
I don't believe one has been assigned.
Agreed, user controlled file creation in this manner is definitely a
Please use CVE-2012-4522 for this issue.
I've added the mention about the CVE number to the announcement
on Ruby Web SIte.
U.Nakamura <usa () garbagecollect jp>