Date: Fri, 10 Jun 2016 16:10:29 +1000 From: Sam Saffron <sam.saffron@...il.com> To: oss-security@...ts.openwall.com Subject: Ruby gem rack-mini-profiler CVE-2016-4442 https://github.com/MiniProfiler/rack-mini-profiler https://rubygems.org/gems/rack-mini-profiler/ Description: Carefully crafted requests can expose information about strings and objects allocated during the request for unauthorised users. Fixed in: https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c Released public fix in version: 0.10. ---- I am not sure how to go about announcing this CVE, where else to I need to post this?
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.