Date: Fri, 11 Jan 2013 00:11:14 -0800 From: Reed Loden <reed@...dloden.com> To: Kurt Seifried <kseifried@...hat.com> Cc: oss-security@...ts.openwall.com Subject: Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 11 Jan 2013 00:52:38 -0700 Kurt Seifried <kseifried@...hat.com> wrote: > On 01/10/2013 05:56 PM, Reed Loden wrote: > > Apparently, the multi_xml ruby gem has the same issue as > > CVE-2013-0156. ... > These appear to be slightly different code bases, and in any event to > prevent confusion I'm assigning it a separate CVE to prevent confusion > since Ruby on Rails = 100% usage basically and multi_xml = > 100% > (probably a whole lot less). > > Please use CVE-2013-0175 for this issue in the multi_xml ruby gem. Thanks! multi_xml 0.5.2 was just released with the fix. https://rubygems.org/gems/multi_xml/versions/0.5.2 ~reed -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlDvySIACgkQa6IiJvPDPVpZAwCfU8xU8qDKM6vFjRWv6lus9FFf vaoAn1xEdqfElznfOoFRAxNquF9dwXEI =9u/F -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ