Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Vulnerability Reported in my Ruby Gem
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 09 Oct 2013 11:05:57 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/08/2013 11:21 AM, richard schneeman wrote:
I'm interested in creating a CVE for this issue and came to this
mailing list from this link: 
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

 I maintain the ruby gem 'wicked' (roughly 100k downloads). A
vulnerability has been reported allowing an attacker to read
arbitrary files on a system.

All previously released versions are vulnerable. Version 1.0.1 has
been released with the problem patched.

Email: richard.schneeman () gmail com Software Name: Wicked gem

Commit of fix: 
https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53



Please let me know if you need more information or if this is the
wrong forum for this type of a request

-- Richard Schneeman


Please use CVE-2013-4413 for this issue. Thanks for the perfectly
formatted request =).

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSVYz0AAoJEBYNRVNeJnmTCW8P/2oH7oWjyKPcrR3NKOqX50Xd
pRXVOu24OBKYqFMOo2SDScat6xRKZ6U25/zxxUorTfr65oy+i05Jbdoe8lTcpZYR
J8EEKscWX97lbsb92bnZNrnKmdj8xGrUrkha/rjD/ZF0kApmL5vGxo3h8hMmiZiY
SIscO2PwKIAXiVcOxDb1cm9ipTSmWh0otuKVwlq5Smsexp8cQkNSCiOYPG4zahmK
NVnkR30WuHUoNKgMj1sQTbq0Mua9RP9Yz1c+2s8UtSf/VZ1yQ2r8SgsxFL04R0EA
2ydV40FocnywYTnbtKOSayiDmhYfICLQ8EbgCoUSgXGZM84xEf4CfswIW3GqKNZh
6GJTaMf5Cf3djXLcSlpMHVjeARR7MZlrxZ4aBycEtaazmpD6GHhFNrUfX/LxIlEy
9hhcvQF4UMYlnzIGAMbACjo8VfLIMrbZXSwyyOdsCDjnQPdzCkzOY1rpQpwi5V5L
m2NBdcNmVSS1aX96v86Alkwi0DJ8ijgWdUfrS4IqtL6TVjGYVJCwalIF3PxLYQQX
VfqjGO0tCkieFGtqW/YYxe5ObMS2y3upZ8pcwOSlxtME+vMjC2uu4o3sp9Y2Pa+p
C3Ad8JI4tRM6kWuVqr6Z3YZlpOT9LSSbA/DH5tDcgd5AnH8kPl6h0IwtXRGnUuhp
u9AWES7iBp3OBE3T0Lqd
=Puw9
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]