Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 02:44:46 -0700
From: Reed Loden <>
	Assign a CVE Identifier <>,
Subject: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129

>From the above:

* DL::Function#call could pass tainted arguments to a C function even if
$SAFE > 0.

* DL::dlopen could open a library with tainted library name even if
$SAFE > 0

Doesn't look like either one of these was ever assigned a CVE (please
correct me if I'm wrong).

These seem to be different issues than CVE-2008-3657.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.