[Bug 1190491] Re: XML denial of service vulnerability

Launchpad Bug Tracker Fri, 05 Jul 2013 18:36:27 -0700

This bug was fixed in the package libopenid-ruby - 2.1.7debian-
1ubuntu0.1

---------------
libopenid-ruby (2.1.7debian-1ubuntu0.1) lucid-security; urgency=low


  * SECURITY UPDATE: XML denial of service attack (LP: #1190491)
    - debian/patches/CVE-2013-1812.patch: lib/openid/fetchers.rb,
      lib/openid/yadis/xrds.rb: limit fetching file size & disable XML entity
      expansion. Based on upstream patch.
    - CVE-2013-1812
 -- Christian Kuersteiner <[email protected]>   Thu, 20 Jun 2013 15:51:01 +0700

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1190491

Title:
  XML denial of service vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libopenid-ruby/+bug/1190491/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1190491] Re: XML denial of service vulnerability

Reply via email to