I meant 'is there a security mailing list for Rack'. thanks,
Mike

On Sun, Feb 10, 2013 at 2:26 AM, Mike Bailey <m...@bailey.net.au> wrote:
> Thanks for sharing this Mario.
>
> Where was the announcement first made?
>
> Is there a security mailing list for Sinatra?
>
> thanks,
>
> Mike
>
> On Sat, Feb 9, 2013 at 12:02 PM, Mario Visic <ma...@mariovisic.com> wrote:
>
>> There are 2 security vulnerabilities that have just been fixed in rack.
>> Everyone running rack (rails, sinatra etc...) should update *ASAP*
>>
>> Details here: http://rack.github.com/
>>
>> CVE-2013-0262:
>>
>>> allows attackers to access arbitrary files outside the intended root
>>> directory via a crafted PATH_INFO environment variable
>>
>> CVE-2013-0263:
>>
>>> If users are using the Marshal (default) session cookie encoding, then
>>> those users are vulnerable to a Remote Code Execution, after a successful
>>> timing attack.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ruby or Rails Oceania" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to rails-oceania+unsubscr...@googlegroups.com.
>> To post to this group, send email to rails-oceania@googlegroups.com.
>> Visit this group at http://groups.google.com/group/rails-oceania?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>
> --
> *- Mike*
>
> e. m...@bailey.net.au
>
> w. mike.bailey.net.au

--
*- Mike*

e. m...@bailey.net.au
w. mike.bailey.net.au