'Re: [oss-security] RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
From:       larry Cashdollar <larry0 () me ! com>
Date:       2013-03-21 1:57:20
Message-ID: D75392E2-9988-4AD1-AE06-177587DA1C52 () me ! com
[Download RAW message or body]


This was my fault, I should have sent the CVE numbers off list. Sorry all.

Larry C$

On Mar 20, 2013, at 1:13 PM, "Christey, Steven M." <coley@mitre.org> wrote:

> http://direct.osvdb.org/show/osvdb/91450 (command_wrap gem) did not get any separate CVEs \
> from MITRE, so the original assignment of CVE-2013-1875 is still valid. 
> We have REJECTed CVE-2013-1876, CVE-2013-1877, and CVE-2013-1878 as originally stated by \
> Kurt. 
> - Steve
> 
> 
> 
> > -----Original Message-----
> > From: Kurt Seifried [mailto:kseifried@redhat.com]
> > Sent: Wednesday, March 20, 2013 5:05 AM
> > To: oss-security@lists.openwall.com
> > Cc: Henri Salo; larry0@me.com; Christey, Steven M.
> > Subject: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > On 03/20/2013 02:43 AM, Kurt Seifried wrote:
> > 
> > Argh I didn't pay attention to Larry's previous emails where he listed
> > the CVE's assigned:
> > 
> > http://www.openwall.com/lists/oss-security/2013/03/19/9
> > 
> > http://www.osvdb.org/show/osvdb/91232  fastreader CVE-2013-2615
> > http://www.osvdb.org/show/osvdb/91231  MiniMagic  CVE-2013-2616
> > http://www.osvdb.org/show/osvdb/91230  Curl       CVE-2013-2617
> > 
> > Please don't send requests to oss-sec if you already sent a request to
> > Mitre/anyone else. Also I don't seem to have these in my emails from
> > Mitre (to VIM list or anywhere else)?
> > 
> > > ===================
> > > > > These 4 are all the ";" URL parsing issues ny larry0@me.com
> > > > > =================== http://direct.osvdb.org/show/osvdb/91450
> > > > > command_wrap gem
> > > 
> > > Please use CVE-2013-1875 for this issue.
> > 
> > Did this one get a CVE from Mitre?
> > 
> > > > > http://direct.osvdb.org/show/osvdb/91232 fastreader gem
> > > 
> > > Please use CVE-2013-1876 for this issue.
> > 
> > Please reject, use CVE-2013-2615 instead
> > 
> > > > > http://direct.osvdb.org/show/osvdb/91231 MiniMagic gem
> > > 
> > > Please use CVE-2013-1877 for this issue.
> > 
> > Please reject, use CVE-2013-2616 instead
> > 
> > > > > http://direct.osvdb.org/show/osvdb/91230 Curl gem
> > > 
> > > Please use CVE-2013-1878 for this issue.
> > 
> > Please reject, use CVE-2013-2617 instead
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic