oss-sec mailing list archives
Re: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes)
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 16 Jul 2014 17:04:38 +0200
On Wed, 16 Jul 2014 02:04:37 -0400 (EDT) cve-assign () mitre org wrote:
> Ruby 1.9.3, 2.0, and 2.1 are affected by the off-by-one. We're still not sure about the presence of a different issue affecting Ruby 2.0 and 2.1. I left a comment on the report pointing out that 1.9.3 is also affected by the off-by-one.
>
> Yesterday, https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/46778 and https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/46778/diff/pack.c were publicly readable, but today both of them result in a "Ruby Issue Tracking System" login screen. We're not sure how to interpret this, e.g., maybe all of 46778 has become private because the "different issue affecting Ruby 2.0 and 2.1" is now embargoed?

That's probably an unrelated change / regression in the Ruby bug tracker. Checking some other random bug report, when logged in using a completely unprivileged account, I see:

- revision strings (rXXXX) are clickable links pointing to URLs as above
- actual revisions / diff are accessible

While doing the same while not logged in:

- revision strings (rXXXX) are not turned to links
- revision / diff pages redirect to login

Anyway, you can view the above commit / diff via:

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778

--
Tomas Hoger / Red Hat Security Response Team