Date: Wed, 25 Apr 2012 15:06:10 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Cc: mikel@...nteractive.net Subject: CVE request: two flaws fixed in rubygem-mail 2.4.4 Two flaws were corrected in rubygem-mail version 2.4.4: A file system traversal in file_delivery method . Arbitrary command execution when using exim or sendmail from the commandline ,.  https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f  https://github.com/mikel/mail/commit/36b7fa23d38cb59dd79b7efa258ef0e7ddab5a11  https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2 Other references: https://bugzilla.novell.com/show_bug.cgi?id=759092 https://bugzilla.redhat.com/show_bug.cgi?id=816352 Could two CVEs be assigned for these flaws please? -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ