Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Assign CVE identifiers.

[ci:skip]
  • Loading branch information...
commit 84898dcb8d15d738e57337459e3a8722aa360c4c 1 parent 3c2bcad
@FooBarWidget FooBarWidget authored
Showing with 4 additions and 2 deletions.
  1. +4 −2 NEWS
View
6 NEWS
@@ -8,10 +8,11 @@ Release 4.0.38
Summary: writing files to arbitrary directory by hijacking temp directories
Affected versions: 4.0.37
Fixed versions: 4.0.38
+ CVE-2014-1831

CVE-2014-1832, no?

@FooBarWidget Owner

You're right, that's a typo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Description:
- This issue is related to the security issue as mentioned in the 4.0.37
- release notes. The previous fix was incomplete, and still has a
+ This issue is related to CVE-2014-1831 (the security issue as mentioned in
+ the 4.0.37 release notes). The previous fix was incomplete, and still has a
(albeit smaller) small attack time window in between two filesystem
checks. This attack window is now gone.
* Fixed some compilation problems on Solaris. See issue #1047.
@@ -46,6 +47,7 @@ Release 4.0.37
Summary: writing files to arbitrary directory by hijacking temp directories
Affected versions: 4.0.5 and later
Fixed versions: 4.0.37
+ CVE-2014-1831
Description:
Phusion Passenger creates a "server instance directory" in /tmp during startup,
@reedloden

CVE-2014-1832, no?

@FooBarWidget
Owner

You're right, that's a typo.

Please sign in to comment.
Something went wrong with that request. Please try again.