Date: Tue, 28 Jul 2015 14:39:59 +0200
From: Jan Rusnacko <jrusnack@...hat.com>
To: oss-security@...ts.openwall.com, Assign a CVE Identifier <cve-assign@...re.org>, security@...y-lang.org
Subject: Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129

On 07/28/2015 11:44 AM, Reed Loden wrote:
> * DL::Function#call could pass tainted arguments to a C function even if
>   $SAFE > 0.
> https://github.com/ruby/ruby/commit/7269e3de3cee3bbb6ab77fc708f3a10cab00b65e

Could this be related to CVE-2013-2065?

https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/

--
Jan Rusnacko, Red Hat Product Security