CVE-2015-9096 for Ruby SMTP injection. Migrate Mail OSVDB-131677 to CVE-2015-9097. #293

Merged
merged 1 commit into from
Jun 13, 2017

jeremy
Contributor

@jeremy jeremy commented Jun 12, 2017

Add CVE-2015-9096 for Ruby Net::SMTP command injection.

Migrate Mail OSVDB-131677 to CVE-2015-9097.

/cc @unak @shugo @reedloden @phillmv

@jeremy jeremy force-pushed the smtp-command-injection branch 2 times, most recently from 531a291 to 5fd0ff0 Compare June 12, 2017 21:09
@jeremy jeremy changed the title Add CVE-2015-TBD-SMTP for Ruby Net::SMTP command injection CVE-2015-9096 for Ruby SMTP injection. Migrate Mail OSVDB-131677 to CVE-2015-9097. Jun 12, 2017
@phillmv
Member

phillmv commented Jun 13, 2017

One caveat: moving off the root OSVDB file path will break any links made to https://rubysec.com/advisories/mail-OSVDB-131677, which is listed in a bunch of places, i.e. https://nvd.nist.gov/vuln/detail/CVE-2015-9097

Can we:

  1. Keep the old OSVDB file, and add the CVE as a root key in the yaml file
  2. Add the new 9096 CVE advisory

@phillmv
Member

phillmv commented Jun 13, 2017

Otherwise this is great!

@jeremy
Contributor Author

jeremy commented Jun 13, 2017

Great point. I'll leave the original OSVDB naming and reference the CVE.

@jeremy jeremy force-pushed the smtp-command-injection branch from 5fd0ff0 to 020e33f Compare June 13, 2017 15:58
@jeremy
Contributor Author

jeremy commented Jun 13, 2017

Done.

@reedloden reedloden merged commit 3333cf2 into rubysec:master Jun 13, 2017
@jeremy jeremy deleted the smtp-command-injection branch June 13, 2017 17:31