Commit cb0b06f

jasnowpostmodern authored and committed
Updated info in sup advisories
1 parent c208da4 commit cb0b06f

2 files changed

+26
-4
lines changed

gems/sup/CVE-2013-4478.yml

Lines changed: 13 additions & 2 deletions
@@ -3,8 +3,8 @@ gem: sup
33
cve: 2013-4478
44
osvdb: 99074
55
ghsa: 5f2p-6vjv-2q2m
6-
url: http://www.phenoelit.org/stuff/whatsup.txt
7-
title: Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution
6+
url: https://web.archive.org/web/20140524012714/http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html
7+
title: Sup wrongly handled the filename of attachments
88
date: 2013-10-29
99
description: |
1010
Sup MUA contains a flaw that is triggered when handling email attachment
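Review bot: the new title on line 7 narrows this advisory to attachment filename handling, but the `description:` block starting on line 9 is left unchanged, and its first line ("Sup MUA contains a flaw that is triggered when handling email attachment") is identical to the one in CVE-2013-4479.yml. If the body still describes content-type handling, update it in the same commit so title and description name the same flaw. Separately, `date: 2013-10-29` now sits next to a `url:` that points at a sup-talk post from August 2013; it is worth confirming which event the date is meant to record.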
@@ -13,3 +13,14 @@ cvss_v2: 6.8
1313
patched_versions:
1414
- "~> 0.13.2.1"
1515
- ">= 0.14.1.1"
16+
related:
17+
url:
18+
- https://nvd.nist.gov/vuln/detail/CVE-2013-4478
19+
- https://github.com/sup-heliotrope/sup/blob/develop/History.txt
20+
- https://www.openwall.com/lists/oss-security/2013/10/30/2
21+
- https://web.archive.org/web/20140524012714/http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html
22+
- https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
23+
- https://www.mend.io/vulnerability-database/CVE-2013-4478
24+
- https://security-tracker.debian.org/tracker/CVE-2013-4478
25+
- https://lwn.net/Articles/575351
26+
- https://github.com/advisories/GHSA-5f2p-6vjv-2q2m
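Review bot: the History.txt entry on line 19 links to the `develop` branch (`blob/develop/History.txt`), which will drift as that file changes; link to a tag or commit instead so the reference keeps pointing at the changelog text for the fixed releases. Also, the phenoelit.org `whatsup.txt` URL removed from `url:` in the previous hunk is not carried into this list, so that reference is dropped from this advisory entirely; add it here if it is still relevant to the filename issue.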

gems/sup/CVE-2013-4479.yml

Lines changed: 13 additions & 2 deletions
@@ -3,8 +3,8 @@ gem: sup
33
cve: 2013-4479
44
osvdb: 99074
55
ghsa: hh2x-7mf9-78fr
6-
url: http://www.phenoelit.org/stuff/whatsup.txt
7-
title: Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution
6+
url: https://web.archive.org/web/20140524005344/http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
7+
title: Sup did not sanitize the content-type of attachments
88
date: 2013-10-29
99
description: |
1010
Sup MUA contains a flaw that is triggered when handling email attachment
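Review bot: `osvdb: 99074` on line 4 is the same value that CVE-2013-4478.yml carries, while the titles on line 7 of the two files now describe two different flaws (filename handling there, content-type sanitization here). Please confirm that one OSVDB entry really covers both CVEs, or correct the id in whichever file it does not belong to. The unchanged `description:` opening on line 10 is also word-for-word the same in both files, so a reader cannot tell the advisories apart from the description alone.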
@@ -13,3 +13,14 @@ cvss_v2: 6.8
1313
patched_versions:
1414
- "~> 0.13.2.1"
1515
- ">= 0.14.1.1"
16+
related:
17+
url:
18+
- https://nvd.nist.gov/vuln/detail/CVE-2013-4479
19+
- https://web.archive.org/web/20140524005344/http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
20+
- https://seclists.org/fulldisclosure/2013/Oct/272
21+
- https://seclists.org/fulldisclosure/2013/Oct/att-272/whatsup.txt
22+
- https://www.openwall.com/lists/oss-security/2013/10/30/2
23+
- https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
24+
- https://security-tracker.debian.org/tracker/CVE-2013-4479
25+
- https://lwn.net/Articles/575351
26+
- https://github.com/advisories/GHSA-hh2x-7mf9-78fr
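Review bot: line 19 repeats the web.archive.org sup-talk link that is already the primary `url:` on line 6 of this file; drop it from `related:` unless the schema expects the primary link to appear in both places (the same duplication is on line 21 of CVE-2013-4478.yml). Lines 20 and 21 list the seclists post and its `whatsup.txt` attachment separately, which is fine, but the commit message does not say that the attachment replaces the removed phenoelit.org link; a line noting that would make the swap easier to audit.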
