Date: Fri, 11 Jan 2013 00:52:38 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Reed Loden <reed@...dloden.com>
Subject: Re: CVE request for multi_xml ruby gem (has same problem
 as CVE-2013-0156)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/10/2013 05:56 PM, Reed Loden wrote:
> Apparently, the multi_xml ruby gem has the same issue as
> CVE-2013-0156.
> 
> Can a new CVE be assigned to track it specifically as well, or
> would policy dictate that this issue be considered part of the
> original CVE?
> 
> https://gist.github.com/d7f6d9f4925f413621aa 
> https://github.com/sferik/multi_xml/pull/34 
> https://news.ycombinator.com/item?id=5040457
> 
> ~reed

These appear to be slightly different code bases, and in any event to
prevent confusion I'm assigning it a separate CVE to prevent confusion
since Ruby on Rails = 100% usage basically and multi_xml = > 100%
(probably a whole lot less).

Please use CVE-2013-0175 for this issue in the multi_xml ruby gem.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

