Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: various gems in aftermath of rubygem actionpack issue
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 02 Mar 2013 01:26:06 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/01/2013 04:19 PM, Olivier Gonzalez wrote:
hi,

this is probably what you're looking for:

Perfect, that's exactly what I need

crack:
https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6

Please use CVE-2013-1800 for this issue.

httparty:
https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031

Please

use CVE-2013-1801 for this issue.

extlib:
https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5…4540e7102b803624cc2eade4bb8aaaa934fc31c5
(https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5)

Please

use CVE-2013-1802 for this issue.

Thanks

No, thank you!



-- Olivier Gonzalez


Le vendredi 1 mars 2013 à 22:47, Kurt Seifried a écrit :

On 03/01/2013 09:43 AM, Marcus Meissner wrote:
Hi,

I think these rubygem updates have got no CVE entry/ies yet:
 
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately

 Or should we use the Rubygem Action Pack CVE ids for it too 
(CVE-2013-0156)?

Ciao, Marcus

I need details before I can assign CVEs for those. Can you maybe 
generate diffs that show the code fixes and post them? thanks.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRMbeYAAoJEBYNRVNeJnmThgsQAM5P+LtYMk6QDqudEofNnKB2
qNwq2+K00orUhiRIfagvDKHdFBwl2bW5nVz+hpSlm3oY5Ty8SYHJEOlXkRr7YRHS
k8zU7G9Hcj2Bs54wvTReccZn6mm4aS3qyEIWddKh6eTToL53Qmw6FVhGKir/i4Yn
UC89ckVDUGiProf80FLow4sjkFsF9BaKHvsQ3Jb2pnh/ssKW+fJ8BMrFdlxpvb7x
8KPGuM4O5G8auSUVkIzV4T8bYZqtD3M/emK9nsAP2H7mez/cOgMdMK/J7XZCIhsO
3yzya1t+34TIE5E71Q0BGP/m4Z+90M3gTxSsfzz9Z2MwKrPTOGl11bpzV9PsWVPC
sNxYvGmZoMBKWZ5JMP8Whf9KnrAdzWwrX6ZVYx1uGBdDGgfebYVQIwqIQioce33c
vaCSO50Cf5nemJJ7bOD9pQjbwWKFNTBxCvXaZLDxHWt7I6TIYnuylVpflM60Qt3+
bTaQVRsDunT38iDqwpWQAaWbEzsxKD49XIF3prHDg6Kyu0GYQg66wgue3c0OzUaI
lG6OmfoebDy2L8b9J3z8mVk6r90r0tI2C9jfJdQAWKEiLnuTKGRcxF81WfVfFSyb
sHLnYVQ950NlUSlhgsdjf/vZLvZALzbOfZWkg0HSlf7u+Ls6Q+4Btb6TcM81gdro
H2P7lTrwu6o7ccbFWv93
=lYo5
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]