[DRE-maint] Bug#722361: rubygems: CVE-2013-4287: Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
Henri Salo
henri at nerv.fi
Tue Sep 10 15:48:37 UTC 2013
Package: rubygems
Version: 1.8.24-1
Severity: important
Tags: security, fixed-upstream
RubyGems validates versions with a regular expression that is vulnerable to
denial of service due to backtracking. For specially crafted RubyGems
versions attackers can cause denial of service through CPU consumption.
More information: http://www.openwall.com/lists/oss-security/2013/09/10/1
Please update affected versions accordingly and use CVE in the changelog.
---
Henri Salo
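Added example (not part of the original report and not RubyGems code): one way to validate a version string in time linear in its length, so that no crafted input can drive the check into regex backtracking. The grammar (digits followed by dot-separated alphanumeric segments), the 256-byte cap and the name valid_version? are assumptions made for illustration.

```ruby
# Added example: hypothetical validator, not the RubyGems implementation.
# Assumed grammar: DIGITS ("." ALNUM+)* with optional surrounding whitespace.
require 'strscan'

# Assumed cap: reject oversized input before any parsing happens.
MAX_VERSION_LENGTH = 256

# Returns true if +input+ matches the assumed version grammar.
# Every StringScanner#scan call uses a flat pattern (one character class,
# one quantifier, no nested repetition) and the scan pointer only moves
# forward, so the total work is linear in the input length.
def valid_version?(input)
  return false unless input.is_a?(String)
  return false if input.bytesize > MAX_VERSION_LENGTH
  return false unless input.valid_encoding?

  s = StringScanner.new(input)
  s.skip(/\s*/)                        # optional leading whitespace
  return false unless s.scan(/[0-9]+/) # must start with a numeric segment

  # Each "." must be followed by a non-empty alphanumeric segment.
  while s.scan(/\./)
    return false unless s.scan(/[0-9a-zA-Z]+/)
  end

  s.skip(/\s*/)                        # optional trailing whitespace
  s.eos?                               # anything left over is invalid
end

# Constructed sample inputs, for illustration only.
if __FILE__ == $PROGRAM_NAME
  ['1.8.24', ' 2.0.7 ', '2.0.8.rc1', '1..2', '1.', '1.0!'].each do |v|
    puts format('%-12s %s', v.inspect, valid_version?(v))
  end
end
```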