oss-sec mailing list archives
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 11 Jan 2013 00:52:38 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/10/2013 05:56 PM, Reed Loden wrote:
Apparently, the multi_xml ruby gem has the same issue as CVE-2013-0156. Can a new CVE be assigned to track it specifically as well, or would policy dictate that this issue be considered part of the original CVE? https://gist.github.com/d7f6d9f4925f413621aa https://github.com/sferik/multi_xml/pull/34 https://news.ycombinator.com/item?id=5040457 ~reed
These appear to be slightly different code bases, and in any event to prevent confusion I'm assigning it a separate CVE to prevent confusion since Ruby on Rails = 100% usage basically and multi_xml = > 100% (probably a whole lot less). Please use CVE-2013-0175 for this issue in the multi_xml ruby gem. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ78TGAAoJEBYNRVNeJnmTeN8P/RlSMjTZCtmy2AfWWgMHPW8k ico/Z77pOL9Mvlh8xTLemFTymaVubnF2YNlaZFFxYRvmlObf/Ci1E6Qy8tf0Ik9H QUHeiXFvV+km6tKn3ieN3smUhtGRn/zUGyZEz2g0pBeSqCdl+5XUdVN2dB1NXmU0 eZvuvtpCcVkyAJ9r+5g5Qv3+tqZn/7jKzjGrUGAQaw2dkgy2Sl4J0I6aKN1dyvBF YnifZCmexnvxSbVXRVJ7uNx2k8fBwcWmF3YAg5/bqSLrVBr5Bq4daCTXIgSal0WG boiAMofD2GMDGBeAn5xvjfnHTuVAB34L0P0C+P0NUUOwLLigJ4XfKfAeWBOqUQkg Ugk6ABEjlg6PLsz1+xe8ZwggAyaBg05hGD6azZfZ02EeOxhrTew5M/NT6jrp2CHh 42YLKfYnEkfJQIWyOS/Yu7h0vAauvsdm64SvQhjhsNOJ4HGobrcQrj4DYayOQMK5 WeTe81JDXokOf3RqdYc79AIeh2sJBGOiceoVwhjuIriJ51PgH4LXMcFUMTtwIOZg 7efx8+fGMqTZxVEzWZPssg2vZl0eZTLc2fAXepmDf0DAie1MH8POcU+5ePQEpIfe 22nLWzk86Pm2Pzw8yBJiw7Y9vezdne9MRXOhNSDZaALaIJny4LMPDZC31T2KZqOO 9p6Mqs1REqiKMSDgvXun =f+4c -----END PGP SIGNATURE-----
Current thread:
- CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 10)
- Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried (Jan 10)
- Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 11)
- Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried (Jan 10)