Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 3 Jan 2015 00:40:19 +0000
From: David Jorm <djorm@...p.iixpeering.net>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: 2012 CVE request: XXE in nokogiri ruby gem

Just following up on this issue. Upstream has confirmed that no CVE ID was ever assigned:


https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-68426535


Thanks

--

David Jorm / IIX Product Security


________________________________
From: David Jorm
Sent: Tuesday, December 30, 2014 5:01 PM
To: oss-security@...ts.openwall.com
Subject: 2012 CVE request: XXE in nokogiri ruby gem


Hi All


An XXE issue was reported and fixed in nokogiri, but as far as I can see no CVE ID was ever assigned. It appears a lot of people haven't updated their dependencies as a result, so a CVE ID would be helpful. For details, see:


https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-68334768


Thanks

--

David Jorm / IIX Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ