oss-sec mailing list archives
Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
From: larry Cashdollar <larry0 () me com>
Date: Wed, 20 Mar 2013 21:57:20 -0400
This was my fault, I should have sent the CVE numbers off list. Sorry all. Larry C$ On Mar 20, 2013, at 1:13 PM, "Christey, Steven M." <coley () mitre org> wrote:
http://direct.osvdb.org/show/osvdb/91450 (command_wrap gem) did not get any separate CVEs from MITRE, so the original assignment of CVE-2013-1875 is still valid. We have REJECTed CVE-2013-1876, CVE-2013-1877, and CVE-2013-1878 as originally stated by Kurt. - Steve-----Original Message----- From: Kurt Seifried [mailto:kseifried () redhat com] Sent: Wednesday, March 20, 2013 5:05 AM To: oss-security () lists openwall com Cc: Henri Salo; larry0 () me com; Christey, Steven M. Subject: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/20/2013 02:43 AM, Kurt Seifried wrote: Argh I didn't pay attention to Larry's previous emails where he listed the CVE's assigned: http://www.openwall.com/lists/oss-security/2013/03/19/9 http://www.osvdb.org/show/osvdb/91232 fastreader CVE-2013-2615 http://www.osvdb.org/show/osvdb/91231 MiniMagic CVE-2013-2616 http://www.osvdb.org/show/osvdb/91230 Curl CVE-2013-2617 Please don't send requests to oss-sec if you already sent a request to Mitre/anyone else. Also I don't seem to have these in my emails from Mitre (to VIM list or anywhere else)?===================These 4 are all the ";" URL parsing issues ny larry0 () me com =================== http://direct.osvdb.org/show/osvdb/91450 command_wrap gemPlease use CVE-2013-1875 for this issue.Did this one get a CVE from Mitre?http://direct.osvdb.org/show/osvdb/91232 fastreader gemPlease use CVE-2013-1876 for this issue.Please reject, use CVE-2013-2615 insteadhttp://direct.osvdb.org/show/osvdb/91231 MiniMagic gemPlease use CVE-2013-1877 for this issue.Please reject, use CVE-2013-2616 insteadhttp://direct.osvdb.org/show/osvdb/91230 Curl gemPlease use CVE-2013-1878 for this issue.Please reject, use CVE-2013-2617 instead
Current thread:
- Ruby CVEs Kurt Seifried (Mar 19)
- Re: Ruby CVEs Henri Salo (Mar 19)
- Re: Ruby CVEs Kurt Seifried (Mar 19)
- Re: Ruby CVEs Kurt Seifried (Mar 20)
- Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Kurt Seifried (Mar 20)
- Re: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Reed Loden (Mar 20)
- RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
- RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
- Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs larry Cashdollar (Mar 20)
- Re: Ruby CVEs Solar Designer (Mar 20)
- RE: Ruby CVEs Christey, Steven M. (Mar 21)
- Re: Ruby CVEs Henri Salo (Mar 21)
- Re: Ruby CVEs Henri Salo (Mar 19)
- Re: Ruby CVEs Henri Salo (Mar 20)