** Changed in: ruby-openid (Ubuntu Quantal)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1190491
Title:
XML denial of service vulnerability
To manage
This bug was fixed in the package libopenid-ruby - 2.1.8debian-
1ubuntu0.1
---
libopenid-ruby (2.1.8debian-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: XML denial of service attack (LP: #1190491)
- debian/patches/02_CVE_2013_1812.patch: lib/openid/fetchers.rb,
This bug was fixed in the package libopenid-ruby - 2.1.7debian-
1ubuntu0.1
---
libopenid-ruby (2.1.7debian-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: XML denial of service attack (LP: #1190491)
- debian/patches/CVE-2013-1812.patch: lib/openid/fetchers.rb,
Thanks Christian!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1190491
Title:
XML denial of service vulnerability
To manage notifications about this bug go to:
** Branch linked: lp:~ubuntu-branches/ubuntu/lucid/libopenid-ruby/lucid-
security
** Branch linked: lp:~ubuntu-branches/ubuntu/precise/libopenid-ruby
/precise-security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Quantal ruby-openid is already fixed through
https://bugs.launchpad.net/ubuntu/+source/ruby-openid/+bug/1190179.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1190491
Title:
XML denial of service
Precise debdiff.
Tests done:
- Builds with pbuilder
- can install and upgrade cleanly
- Tested with examples/rails_openid: creation of new identity worked without a
problem. I could not start the second server with 'script/server --port=3001'.
The application didn't understand the port part.
Lucid debdiff.
Tests done:
- Builds with pbuilder
- can install and upgrade cleanly
- Tested with examples/rails_openid: creation of new identity and verifying via
second instance worked without a problem.
** Patch added: lp1190491-lucid.debdiff
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
What's the relationship between this bug and bug
https://bugs.launchpad.net/bugs/1190179 ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1190491
Title:
XML denial of service vulnerability
To
It's the same vulnerability. As far as I see the package got
renamed/moved from libopenid-ruby to ruby-openid on quantal. Since they
are different packages I opened two bugs.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
11 matches
Mail list logo