Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20130111001114.332846b4.reed@reedloden.com>
Date: Fri, 11 Jan 2013 00:11:14 -0800
From: Reed Loden <reed@...dloden.com>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request for multi_xml ruby gem (has same
 problem as CVE-2013-0156)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 11 Jan 2013 00:52:38 -0700
Kurt Seifried <kseifried@...hat.com> wrote:

> On 01/10/2013 05:56 PM, Reed Loden wrote:
> > Apparently, the multi_xml ruby gem has the same issue as
> > CVE-2013-0156.
...
> These appear to be slightly different code bases, and in any event to
> prevent confusion I'm assigning it a separate CVE to prevent confusion
> since Ruby on Rails = 100% usage basically and multi_xml = > 100%
> (probably a whole lot less).
> 
> Please use CVE-2013-0175 for this issue in the multi_xml ruby gem.

Thanks! multi_xml 0.5.2 was just released with the fix.
https://rubygems.org/gems/multi_xml/versions/0.5.2

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlDvySIACgkQa6IiJvPDPVpZAwCfU8xU8qDKM6vFjRWv6lus9FFf
vaoAn1xEdqfElznfOoFRAxNquF9dwXEI
=9u/F
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.