[DRE-maint] Query regarding ruby-mail's recent DoS report
Red Hat Product Security
secalert at redhat.com
Fri May 22 02:28:47 BST 2020
Hello!
INC1299099 (Query regarding ruby-mail's recent DoS report) has been updated.
Opened for: Yadnyawalk Tale
Followers: mikel at reinteractive.net, jeremydaer at gmail.com, pkg-ruby-extras-maintainers at lists.alioth.debian.org
A Guest updated your request with the following comments:
Reply from: jeremydaer at gmail.com
Hi Yadnyawalk,
No update as of yet. I wasn't aware of the public report. Thanks
for letting me know.
Re. CVE, agreed; will do.
Thanks,
Jeremy
On Mon, May 18, 2020 at 3:14 AM Yadnyawalk Tale wrote:
> Hello there,
>
> I work for Red Hat Product Security team, and was wondering if you have an
> update on the public report of ruby-mail DoS. Does anyone know if fixes are
> merged and ruby-mail requested a CVE?
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960064
>
> We feel this should have a CVE given due to its potential impact if this
> turns
> out to be a valid flaw. Red Hat is also a CVE Numbering Authority (CNA)
> but as
> a precedent, ruby-mail should request a CVE to CNA.
>
> Please let us know.
>
> --
> Yadnyawalk Tale / Red Hat Product Security
> 1376 736C 0705 3DD9 098C 561C 83F3 543F D303 F537
>
How can I track and update my request?
To respond, reply to this email. You may also create a new email and include the request number (INC1299099) in the subject.
Thank you,
Product Security
Ref:MSG31233137
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20200521/b2a4f4d8/attachment.html>
More information about the Pkg-ruby-extras-maintainers
mailing list