Date: Tue, 28 Jul 2015 02:44:46 -0700
From: Reed Loden <>
	Assign a CVE Identifier <>,
Subject: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129

From the above:

* DL::Function#call could pass tainted arguments to a C function even if
$SAFE > 0.

* DL::dlopen could open a library with tainted library name even if
$SAFE > 0

Doesn't look like either one of these was ever assigned a CVE (please
correct me if I'm wrong).

These seem to be different issues than CVE-2008-3657.

