Date: Wed, 13 Feb 2013 23:26:42 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: Reed Loden <reed@...dloden.com>
CC: oss-security@...ts.openwall.com, maxim@...oillogical.com
Subject: Re: Some rubygems related CVEs

On 02/13/2013 07:55 PM, Reed Loden wrote:
> On Wed, 13 Feb 2013 19:39:23 -0700 Kurt Seifried
> <kseifried@...hat.com> wrote:
> 
>> newrelic_rpm information disclosure
> 
>> newrelic_rpm 
>> https://newrelic.com/docs/ruby/ruby-agent-security-notification A
>> bug in the Ruby agent causes database connection information and
>> raw SQL statements to be transmitted to New Relic servers. The
>> database connection information includes the database IP address,
>> username, and password. The information is not stored or
>> retransmitted by New Relic and is immediately discarded.
> 
>> Please use CVE-2013-0284 for this issue.
> 
> This issue was disclosed on 2012-12-06, so it should actually have
> a CVE-2012-XXXX assignment.
> 
> ~reed

Well the entry had no date and I couldn't find out one way or the
other so 2013 it is.

Just a general note: please put published dates on your web pages. It
makes life ever so much easier.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

