oss-sec mailing list archives

Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs


From: larry Cashdollar <larry0 () me com>
Date: Wed, 20 Mar 2013 21:57:20 -0400


This was my fault, I should have sent the CVE numbers off list. Sorry all.

Larry C$

On Mar 20, 2013, at 1:13 PM, "Christey, Steven M." <coley () mitre org> wrote:

http://direct.osvdb.org/show/osvdb/91450 (command_wrap gem) did not get any separate CVEs from MITRE, so the original 
assignment of CVE-2013-1875 is still valid.

We have REJECTed CVE-2013-1876, CVE-2013-1877, and CVE-2013-1878 as originally stated by Kurt.

- Steve



-----Original Message-----
From: Kurt Seifried [mailto:kseifried () redhat com]
Sent: Wednesday, March 20, 2013 5:05 AM
To: oss-security () lists openwall com
Cc: Henri Salo; larry0 () me com; Christey, Steven M.
Subject: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 02:43 AM, Kurt Seifried wrote:

Argh, I didn't pay attention to Larry's previous emails where he listed
the CVEs assigned:

http://www.openwall.com/lists/oss-security/2013/03/19/9

http://www.osvdb.org/show/osvdb/91232  fastreader CVE-2013-2615
http://www.osvdb.org/show/osvdb/91231  MiniMagic  CVE-2013-2616
http://www.osvdb.org/show/osvdb/91230  Curl       CVE-2013-2617

Please don't send requests to oss-sec if you already sent a request to
Mitre/anyone else. Also I don't seem to have these in my emails from
Mitre (to VIM list or anywhere else)?

===================
These 4 are all the ";" URL parsing issues by larry0 () me com
===================

http://direct.osvdb.org/show/osvdb/91450 command_wrap gem

Please use CVE-2013-1875 for this issue.

Did this one get a CVE from Mitre?

http://direct.osvdb.org/show/osvdb/91232 fastreader gem

Please use CVE-2013-1876 for this issue.

Please reject, use CVE-2013-2615 instead

http://direct.osvdb.org/show/osvdb/91231 MiniMagic gem

Please use CVE-2013-1877 for this issue.

Please reject, use CVE-2013-2616 instead

http://direct.osvdb.org/show/osvdb/91230 Curl gem

Please use CVE-2013-1878 for this issue.

Please reject, use CVE-2013-2617 instead


