Date: Sun, 20 Sep 2015 14:34:41 +0200
From: Dawa Ometto <d.ometto@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: gollum information disclosure vulnerability


Hi,

A vulnerability has been found in the gollum wiki, which allows
attackers to gain read access to arbitrary files on the system.

Website: https://github.com/gollum/gollum
Affected versions: 4.0.0 and earlier
Patched version: 4.0.1
Fix: update the gollum gem by running `gem update gollum`

See this commit for the patch:
https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1

Please assign a CVE identifier.

Thanks in advance,

Dawa Ometto
