*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):

Binary package hint: liblua5.1-expat0

Name: liblua5.1-expat0
Latest version: 1.1.0-3ubuntu1
Release: natty (11.04)

Anything below LuaExpat 1.1.1 is vulnerable to the "billion laughs" attack. Version 1.2.0 has been released.
http://article.gmane.org/gmane.comp.lang.lua.general/79336

Is the Ubuntu supplied version vulnerable?

The Jabber Server "Prosody" ( http://prosody.im/doc/depends#luaexpat ) is using luaexpat.

---
Description:    Ubuntu 11.04
Release:        11.04

liblua5.1-expat0:
  Installed: 1.1.0-3ubuntu1
  Candidate: 1.1.0-3ubuntu1
  Version table:
 *** 1.1.0-3ubuntu1 0
        500 http://de.archive.ubuntu.com/ubuntu/ natty/universe i386 Packages
        100 /var/lib/dpkg/status

** Affects: lua-expat (Ubuntu)
     Importance: Undecided
         Status: New

--
liblua5.1-expat0 vulnerable to "billion laughs" attack?
https://bugs.launchpad.net/bugs/793582
