Date: Wed, 19 Nov 2008 11:18:37 +0100 From: Ludwig Nussel <ludwig.nussel@...e.de> To: "Steven M. Christey" <coley@...re.org> Cc: oss-security@...ts.openwall.com Subject: CVE Request: ruby on rails header injection Hi, A header injection bug in ruby on rails was fixed some time ago but doesn't seem to have CVE number yet: http://www.rorsecurity.info/journal/2008/10/20/header-injection-and-response-splitting.html http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.