CVE-2008-3790

Published: 27 August 2008

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."

Priority

Low

Status

Package Release Status
ruby1.8
dapper: Released (1.8.4-1ubuntu1.6)
feisty: Released (1.8.5-4ubuntu2.3)
gutsy: Released (1.8.6.36-1ubuntu3.3)
hardy: Released (1.8.6.111-2ubuntu1.2)
intrepid: Not vulnerable (1.8.7.72-1)
jaunty: Not vulnerable (1.8.7.72-1)
karmic: Not vulnerable (1.8.7.72-1)
lucid: Not vulnerable (1.8.7.72-1)
maverick: Not vulnerable (1.8.7.72-1)
natty: Not vulnerable (1.8.7.72-1)
oneiric: Not vulnerable (1.8.7.72-1)
upstream: Released (1.8.7.72-1)
ruby1.9
dapper: Ignored (reached end-of-life)
feisty: Needed (reached end-of-life)
gutsy: Needed (reached end-of-life)
hardy: Ignored (reached end-of-life)
intrepid: Released (1.9.0.2-7)
jaunty: Released (1.9.0.2-7)
karmic: Released (1.9.0.2-7)
lucid: Released (1.9.0.2-7)
maverick: Does not exist (pulled 2010-07-27)
natty: Does not exist (pulled 2010-07-27)
oneiric: Does not exist (pulled 2010-07-27)
upstream: Released (1.9.0.2-7)