This bug was fixed in the package libopenid-ruby - 2.1.8debian-1ubuntu0.1
--------------- libopenid-ruby (2.1.8debian-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: XML denial of service attack (LP: #1190491) - debian/patches/02_CVE_2013_1812.patch: lib/openid/fetchers.rb, lib/openid/yadis/xrds.rb: limit fetching file size & disable XML entity expansion. Based on upstream patch. - CVE-2013-1812 -- Christian Kuersteiner <email address hidden> Mon, 24 Jun 2013 10:04:38 +0700
This bug was fixed in the package libopenid-ruby - 2.1.8debian- 1ubuntu0. 1
--------------- 1ubuntu0. 1) precise-security; urgency=low
libopenid-ruby (2.1.8debian-
* SECURITY UPDATE: XML denial of service attack (LP: #1190491) patches/ 02_CVE_ 2013_1812. patch: lib/openid/ fetchers. rb, openid/ yadis/xrds. rb: limit fetching file size & disable XML entity
- debian/
lib/
expansion. Based on upstream patch.
- CVE-2013-1812
-- Christian Kuersteiner <email address hidden> Mon, 24 Jun 2013 10:04:38 +0700