Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Mon, 11 Aug 2008 19:06:10 +1000
From: Steffen Joeris <steffen.joeris@...lelinux.de>
To: oss-security@...ts.openwall.com
Subject: CVE id requests: ruby

Hi

It seems that there was another ruby release, which addresses some security 
fixes.
I guess the new ones are:

* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl

I didn't check their exploitability, but it might be good to have CVE ids for 
them anyway.

Upstream page:
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Debian Bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

Cheers
Steffen

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux