Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Jan 2013 00:11:14 -0800
From: Reed Loden <reed@...dloden.com>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request for multi_xml ruby gem (has same
 problem as CVE-2013-0156)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 11 Jan 2013 00:52:38 -0700
Kurt Seifried <kseifried@...hat.com> wrote:

> On 01/10/2013 05:56 PM, Reed Loden wrote:
> > Apparently, the multi_xml ruby gem has the same issue as
> > CVE-2013-0156.
...
> These appear to be slightly different code bases, and in any event to
> prevent confusion I'm assigning it a separate CVE to prevent confusion
> since Ruby on Rails = 100% usage basically and multi_xml = > 100%
> (probably a whole lot less).
> 
> Please use CVE-2013-0175 for this issue in the multi_xml ruby gem.

Thanks! multi_xml 0.5.2 was just released with the fix.
https://rubygems.org/gems/multi_xml/versions/0.5.2

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlDvySIACgkQa6IiJvPDPVpZAwCfU8xU8qDKM6vFjRWv6lus9FFf
vaoAn1xEdqfElznfOoFRAxNquF9dwXEI
=9u/F
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ