Re: Ruby CVEs

[Henri Salo <henri () nerv fi>]

On Wed, Mar 20, 2013 at 02:43:21AM -0600, Kurt Seifried wrote:
> On 03/19/2013 04:00 AM, Henri Salo wrote:
> > On Tue, Mar 19, 2013 at 01:17:11AM -0600, Kurt Seifried wrote:
> > > http://direct.osvdb.org/search?search[vuln_title]=ruby&search[text_type]=titles
> ===================
> > > These 4 are all the ";" URL parsing issues ny larry0 () me com 
> > > =================== http://direct.osvdb.org/show/osvdb/91450 
> > > command_wrap gem
>
> Please use CVE-2013-1875 for this issue.
>
> > > http://direct.osvdb.org/show/osvdb/91232 fastreader gem
>
> Please use CVE-2013-1876 for this issue.
>
> > > http://direct.osvdb.org/show/osvdb/91231 MiniMagic gem
>
> Please use CVE-2013-1877 for this issue.
>
> > > http://direct.osvdb.org/show/osvdb/91230 Curl gem
>
> Please use CVE-2013-1878 for this issue.
>
> > Please note that in private email Larry said he will request CVEs
> > for these security vulnerabilities. Adding Larry as CC so he can
> > tell us if he already did that and if he didn't we can assign those
> > in this thread.
>
> As per Larry's previous emails, assigning here.
>
> > --- Henri Salo
>
>
> - -- 
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

These have been assigned by Mitre in email to Larry:

http://www.openwall.com/lists/oss-security/2013/03/19/9

> http://www.osvdb.org/show/osvdb/91232  fastreader CVE-2013-2615
> http://www.osvdb.org/show/osvdb/91231  MiniMagic  CVE-2013-2616
> http://www.osvdb.org/show/osvdb/91230  Curl       CVE-2013-2617

I updated OSVDB items. No idea about http://osvdb.org/91450

Do we REJECT CVE-2013-1876, CVE-2013-1877, CVE-2013-1878?

---
Henri Salo

Attachment: signature.asc
Description: Digital signature