Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130213185528.69c6ffe0.reed@reedloden.com>
Date: Wed, 13 Feb 2013 18:55:28 -0800
From: Reed Loden <reed@...dloden.com>
To: oss-security@...ts.openwall.com
Cc: kseifried@...hat.com, maxim@...oillogical.com
Subject: Re: Some rubygems related CVEs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 13 Feb 2013 19:39:23 -0700
Kurt Seifried <kseifried@...hat.com> wrote:

> newrelic_rpm information disclosure
> 
> newrelic_rpm
> https://newrelic.com/docs/ruby/ruby-agent-security-notification
> A bug in the Ruby agent causes database connection information and raw
> SQL statements to be transmitted to New Relic servers. The database
> connection information includes the database IP address, username, and
> password. The information is not stored or retransmitted by New Relic
> and is immediately discarded.
> 
> Please use CVE-2013-0284 for this issue.

This issue was disclosed on 2012-12-06, so it should actually have a
CVE-2012-XXXX assignment.

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlEcUiAACgkQa6IiJvPDPVrOLgCdGJF+jeMIuyyybbToA3OUi5Ca
SSIAnjSBZF8SsToyHUT2IE1Viu0gVlni
=MMyb
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.