Package: ruby1.8
Version: 1.8.5-4etch2
Severity: grave
Tags: security
Justification: user security hole

The rexml lib is vulnerable to a DoS attack. Please see
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/.
I know there isn't an official patch yet (except the overloading of the
REXML module via
http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb)
but I expect that to be out soon.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-domu
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ruby1.8 depends on:
ii  libc6       2.3.6.ds1-13etch7  GNU C Library: Shared libraries
ii  libruby1.8  1.8.5-4etch2       Libraries necessary to run Ruby 1.

ruby1.8 recommends no packages.

-- no debconf information