[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
From: larry Cashdollar <larry0 () me ! com>
Date: 2013-03-21 1:57:20
Message-ID: D75392E2-9988-4AD1-AE06-177587DA1C52 () me ! com
[Download RAW message or body]
This was my fault, I should have sent the CVE numbers off list. Sorry all.
Larry C$
On Mar 20, 2013, at 1:13 PM, "Christey, Steven M." <coley@mitre.org> wrote:
> http://direct.osvdb.org/show/osvdb/91450 (command_wrap gem) did not get any separate CVEs \
> from MITRE, so the original assignment of CVE-2013-1875 is still valid.
> We have REJECTed CVE-2013-1876, CVE-2013-1877, and CVE-2013-1878 as originally stated by \
> Kurt.
> - Steve
>
>
>
> > -----Original Message-----
> > From: Kurt Seifried [mailto:kseifried@redhat.com]
> > Sent: Wednesday, March 20, 2013 5:05 AM
> > To: oss-security@lists.openwall.com
> > Cc: Henri Salo; larry0@me.com; Christey, Steven M.
> > Subject: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 03/20/2013 02:43 AM, Kurt Seifried wrote:
> >
> > Argh I didn't pay attention to Larry's previous emails where he listed
> > the CVE's assigned:
> >
> > http://www.openwall.com/lists/oss-security/2013/03/19/9
> >
> > http://www.osvdb.org/show/osvdb/91232 fastreader CVE-2013-2615
> > http://www.osvdb.org/show/osvdb/91231 MiniMagic CVE-2013-2616
> > http://www.osvdb.org/show/osvdb/91230 Curl CVE-2013-2617
> >
> > Please don't send requests to oss-sec if you already sent a request to
> > Mitre/anyone else. Also I don't seem to have these in my emails from
> > Mitre (to VIM list or anywhere else)?
> >
> > > ===================
> > > > > These 4 are all the ";" URL parsing issues ny larry0@me.com
> > > > > =================== http://direct.osvdb.org/show/osvdb/91450
> > > > > command_wrap gem
> > >
> > > Please use CVE-2013-1875 for this issue.
> >
> > Did this one get a CVE from Mitre?
> >
> > > > > http://direct.osvdb.org/show/osvdb/91232 fastreader gem
> > >
> > > Please use CVE-2013-1876 for this issue.
> >
> > Please reject, use CVE-2013-2615 instead
> >
> > > > > http://direct.osvdb.org/show/osvdb/91231 MiniMagic gem
> > >
> > > Please use CVE-2013-1877 for this issue.
> >
> > Please reject, use CVE-2013-2616 instead
> >
> > > > > http://direct.osvdb.org/show/osvdb/91230 Curl gem
> > >
> > > Please use CVE-2013-1878 for this issue.
> >
> > Please reject, use CVE-2013-2617 instead
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic