Date: Mon, 10 Mar 2008 08:35:12 +0100 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com, smithj@...ethemallocs.com Cc: "Steven M. Christey" <coley@...re.org> Subject: Re: CVE request: ruby information disclosure On Sun, 09 Mar 2008 17:18:04 -0800 Jonathan Smith <smithj@...ethemallocs.com> wrote: > Gentoo has an open bug  indicating a minor information disclosure > issue in ruby. They also sortof indicate that there has been a CVE > request, but I can't find it anywhere. So either consider this a > request or a ping on an existing request :) > > rPath also has an issue  if you need references. > > : https://bugs.gentoo.org/show_bug.cgi?id=212264 > : https://issues.rpath.com/browse/RPL-2338 CVE-2008-1145 http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ for better reference. Check NVD site , as CVE descriptions frequently appear there hours to days earlier than on CVE site.  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1145 -- Tomas Hoger Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.