oss-sec mailing list archives
CVE request: ruby on rails flaws (4)
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 17 Aug 2011 10:52:47 -0600
Could we get CVEs assigned to these flaws? Upstream had requested CVEs prior to disclosure, but didn't receive any.

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

1) Filter Skipping bugs

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6
https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
https://bugzilla.redhat.com/show_bug.cgi?id=731432

2) SQL Injection issues

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
https://bugzilla.redhat.com/show_bug.cgi?id=731438

3) Parse error in strip_tags

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
https://bugzilla.redhat.com/show_bug.cgi?id=731436

4) UTF-8 escaping vulnerability

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
https://bugzilla.redhat.com/show_bug.cgi?id=731435

Thanks!

--
Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: ruby on rails flaws (4) Vincent Danen (Aug 17)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 19)
- Re: CVE request: ruby on rails flaws (4) Vincent Danen (Aug 19)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
- Re: CVE request: ruby on rails flaws (4) Matthias Weckbecker (Aug 22)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
- Re: CVE request: ruby on rails flaws (4) Vincent Danen (Aug 19)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 19)