Date: Fri, 11 Jan 2013 00:11:14 -0800 From: Reed Loden <reed@...dloden.com> To: Kurt Seifried <kseifried@...hat.com> Cc: oss-security@...ts.openwall.com Subject: Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 11 Jan 2013 00:52:38 -0700 Kurt Seifried <kseifried@...hat.com> wrote: > On 01/10/2013 05:56 PM, Reed Loden wrote: > > Apparently, the multi_xml ruby gem has the same issue as > > CVE-2013-0156. ... > These appear to be slightly different code bases, and in any event to > prevent confusion I'm assigning it a separate CVE to prevent confusion > since Ruby on Rails = 100% usage basically and multi_xml = > 100% > (probably a whole lot less). > > Please use CVE-2013-0175 for this issue in the multi_xml ruby gem. Thanks! multi_xml 0.5.2 was just released with the fix. https://rubygems.org/gems/multi_xml/versions/0.5.2 ~reed -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlDvySIACgkQa6IiJvPDPVpZAwCfU8xU8qDKM6vFjRWv6lus9FFf vaoAn1xEdqfElznfOoFRAxNquF9dwXEI =9u/F -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.