This bug was fixed in the package libopenid-ruby - 2.1.8debian- 1ubuntu0.1 --------------- libopenid-ruby (2.1.8debian-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: XML denial of service attack (LP: #1190491) - debian/patches/02_CVE_2013_1812.patch: lib/openid/fetchers.rb, lib/openid/yadis/xrds.rb: limit fetching file size & disable XML entity expansion. Based on upstream patch. - CVE-2013-1812 -- Christian Kuersteiner <ckuer...@gmx.ch> Mon, 24 Jun 2013 10:04:38 +0700 ** Changed in: libopenid-ruby (Ubuntu Precise) Status: Confirmed => Fix Released ** Changed in: libopenid-ruby (Ubuntu Lucid) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1190491 Title: XML denial of service vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libopenid-ruby/+bug/1190491/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs