Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <511C83A2.4040400@redhat.com>
Date: Wed, 13 Feb 2013 23:26:42 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: Reed Loden <reed@...dloden.com>
CC: oss-security@...ts.openwall.com, maxim@...oillogical.com
Subject: Re: Some rubygems related CVEs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/13/2013 07:55 PM, Reed Loden wrote:
> On Wed, 13 Feb 2013 19:39:23 -0700 Kurt Seifried
> <kseifried@...hat.com> wrote:
> 
>> newrelic_rpm information disclosure
> 
>> newrelic_rpm 
>> https://newrelic.com/docs/ruby/ruby-agent-security-notification A
>> bug in the Ruby agent causes database connection information and
>> raw SQL statements to be transmitted to New Relic servers. The
>> database connection information includes the database IP address,
>> username, and password. The information is not stored or
>> retransmitted by New Relic and is immediately discarded.
> 
>> Please use CVE-2013-0284 for this issue.
> 
> This issue was disclosed on 2012-12-06, so it should actually have
> a CVE-2012-XXXX assignment.
> 
> ~reed

Well the entry had no date and I couldn't find out one way or the
other so 2013 it is.

Just a general note: please put published dates on your web pages. It
makes life ever so much easier.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRHIOiAAoJEBYNRVNeJnmTkzkP/AgvWQIsMLbeI3GlqhpwKdvo
iTP9Xzi9t1e1y9e+y31IAjpL4Z3J0rVY+JVneedih6XgjRUWJz6wvmlJj7C3lFi4
MrMdovbzhpk4evmm4TcnKM2gypz40D14Zr+HZPxNtICDKQs06V0gFGurfX7hBOH6
LEkveaXs9QY0lgsQ737XPaSbsGblC6/zjXLI0yruLSAkTCsS7niEyRuqYBidFtux
lsxBL+wERFybfhxydENh3YbEboZyEggg609p5DjCcYnZ/em1dKwUUKp48gIaSmFJ
O5Cnf4STFzdBiixpHOGrqUEvD+FheHe5/WZi4lh1iJUt0/bB/KkfdzNQyECdZsAz
9W1Sdepe9H8dmRYnExEmEaro55BON1d9GtDdKwUfwGaB3AOffENo4HiPKXs7xI/Q
s84TSbsSzoYnJOi9f3/Be2kPaq6BEI6fobeeq7JGkWCFCNn+7c7ZMHbrGsrxdM96
uOAcjVmdvIl0WbJ6whXzGxRJV1QQ7mI0lygxx0WYjMRh4uUwaClpp1uWpfDAEMVG
wzUC2lcvCs931E15bvIKQdcZCKYyXtmBdX+RruHbsZ0VxJG81KuaSqcH/p2SctTp
MF90UzTkowNQjxCceUMRgvMg1DWM90wNP+4BQTaEDTqwZsN4hWBP4CPvwDQCcdKZ
RCQnwfO3umlXqq/IGUUQ
=6NM3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.