Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAAtdryMeBm=+QAMNSDNQZXJCgsCM4Mw=05ye1kS6bw6L+VaajQ@mail.gmail.com>
Date: Fri, 10 Jun 2016 16:10:29 +1000
From: Sam Saffron <sam.saffron@...il.com>
To: oss-security@...ts.openwall.com
Subject: Ruby gem rack-mini-profiler CVE-2016-4442

https://github.com/MiniProfiler/rack-mini-profiler

https://rubygems.org/gems/rack-mini-profiler/

Description: Carefully crafted requests can expose information about
strings and objects allocated during the request for unauthorised
users.

Fixed in: https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c

Released public fix in version: 0.10.


----

I am not sure how to go about announcing this CVE, where else to I
need to post this?

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.