Date: Sun, 20 Sep 2015 14:34:41 +0200
From: Dawa Ometto <d.ometto@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: gollum information disclosure vulnerability

Hi,

A vulnerability has been found in the gollum wiki, which allows attackers to gain read access to arbitrary files on the system.

Website: https://github.com/gollum/gollum
Affected versions: 4.0.0 and earlier
Patched version: 4.0.1
Fix: update the gollum gem by running `gem update gollum`

See this commit for the patch:
https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1

Please assign a CVE identifier.

Thanks in advance,
Dawa Ometto