XML denial of service vulnerability
Bug #1190179 reported by Christian Kuersteiner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ruby-openid (Ubuntu) | Fix Released | Undecided | Unassigned | |
Quantal | Fix Released | Undecided | Unassigned | |
Bug Description
ruby-openid is affected by an XML denial of service (Entity Expansion Attack / out of memory) attack.
See: https:/
Patch:
https:/
Raring and Saucy already contain the patch and are not vulnerable.
information type: Private Security → Public Security
Changed in ruby-openid (Ubuntu):
status: New → Fix Released
Changed in ruby-openid (Ubuntu Quantal):
status: New → Incomplete
Debdiff for quantal.
Tests done:
- Builds with pbuilder.
- Can install and upgrade cleanly.