Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
From: larry Cashdollar <larry0 () me com>
Date: Wed, 20 Mar 2013 21:57:20 -0400


This was my fault, I should have sent the CVE numbers off list. Sorry all.

Larry C$

On Mar 20, 2013, at 1:13 PM, "Christey, Steven M." <coley () mitre org> wrote:

http://direct.osvdb.org/show/osvdb/91450 (command_wrap gem) did not get any separate CVEs from MITRE, so the original 
assignment of CVE-2013-1875 is still valid.

We have REJECTed CVE-2013-1876, CVE-2013-1877, and CVE-2013-1878 as originally stated by Kurt.

- Steve



-----Original Message-----
From: Kurt Seifried [mailto:kseifried () redhat com]
Sent: Wednesday, March 20, 2013 5:05 AM
To: oss-security () lists openwall com
Cc: Henri Salo; larry0 () me com; Christey, Steven M.
Subject: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 02:43 AM, Kurt Seifried wrote:

Argh I didn't pay attention to Larry's previous emails where he listed
the CVE's assigned:

http://www.openwall.com/lists/oss-security/2013/03/19/9

http://www.osvdb.org/show/osvdb/91232  fastreader CVE-2013-2615
http://www.osvdb.org/show/osvdb/91231  MiniMagic  CVE-2013-2616
http://www.osvdb.org/show/osvdb/91230  Curl       CVE-2013-2617

Please don't send requests to oss-sec if you already sent a request to
Mitre/anyone else. Also I don't seem to have these in my emails from
Mitre (to VIM list or anywhere else)?

===================
These 4 are all the ";" URL parsing issues ny larry0 () me com
=================== http://direct.osvdb.org/show/osvdb/91450
command_wrap gem

Please use CVE-2013-1875 for this issue.

Did this one get a CVE from Mitre?

http://direct.osvdb.org/show/osvdb/91232 fastreader gem

Please use CVE-2013-1876 for this issue.

Please reject, use CVE-2013-2615 instead

http://direct.osvdb.org/show/osvdb/91231 MiniMagic gem

Please use CVE-2013-1877 for this issue.

Please reject, use CVE-2013-2616 instead

http://direct.osvdb.org/show/osvdb/91230 Curl gem

Please use CVE-2013-1878 for this issue.

Please reject, use CVE-2013-2617 instead



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]