[DRE-maint] [Bug 1190491] [NEW] XML denial of service vulnerability
Christian Kuersteiner
ckuerste at gmx.ch
Thu Jun 13 07:47:28 UTC 2013
*** This bug is a security vulnerability ***
Public security bug reported:
libopenid-ruby is affected by an XML denial of service (Entity Expansion
Attack / out of memory) attack.
See: https://github.com/openid/ruby-openid/pull/43
Patch:
https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
** Affects: libopenid-ruby (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1812
--
https://bugs.launchpad.net/bugs/1190491