Mention the CVE id in "Ruby 1.9.2-p330 Released" #817
Comments
Could you please email security@ for these kinds of reports, please? Thank you! <3

@zzak you appear to be the original author of the blog post, but simply forgot to mention the CVE id.

Emailed

Um? IMO there's no need to send email to security@... if a CVE id already exists. @zzak This is not existing news post's problem so we can handle this here.

@postmodern what was the CVE id? can you submit a patch? ;)

@zzak no one seems to know the CVE id, or if one was even requested.

What's also weird is the

@postmodern I don't think a CVE was ever assigned, as this was considered a bugfix. Sorry for the confusion.
"Critical security regression" doesn't exactly sound like a bugfix. Could you please have security@ request a CVE from MITRE?

Use CVE-2014-6438

@tarcieri I can't find any information for CVE-2014-6438? If I can get a confirmed CVE, I'll make a PR to fix the news post.

I just got it assigned about an hour ago at @zzak's request (via oss-security)

and fixed in Pull Request #1138.

In the updated announcement it's mentioned:
However, that bug report is private. Unless there's confidential information in the report, can you make it public, please? Thanks!
There is no mention of the CVE id in Ruby 1.9.2-p330 Released.