Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Mar 2008 08:35:12 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com, smithj@...ethemallocs.com
Cc: "Steven M. Christey" <coley@...re.org>
Subject: Re: CVE request: ruby information disclosure

On Sun, 09 Mar 2008 17:18:04 -0800 Jonathan Smith
<smithj@...ethemallocs.com> wrote:

> Gentoo has an open bug [1] indicating a minor information disclosure
> issue in ruby. They also sortof indicate that there has been a CVE
> request, but I can't find it anywhere. So either consider this a
> request or a ping on an existing request :)
> 
> rPath also has an issue [2] if you need references.
> 
> [1]: https://bugs.gentoo.org/show_bug.cgi?id=212264
> [2]: https://issues.rpath.com/browse/RPL-2338

CVE-2008-1145

http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
for better reference.

Check NVD site [1], as CVE descriptions frequently appear there hours to
days earlier than on CVE site.

[1] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1145

-- 
Tomas Hoger
Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.