CVE-2013-1821
Published: 7 March 2013
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ruby1.8 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(1.8.7.249-2ubuntu0.3)
|
|
| oneiric |
Released
(1.8.7.352-2ubuntu0.3)
|
|
| precise |
Released
(1.8.7.352-2ubuntu1.2)
|
|
| quantal |
Released
(1.8.7.358-4ubuntu0.2)
|
|
| raring |
Not vulnerable
(1.8.7.358-7ubuntu1)
|
|
| saucy |
Not vulnerable
(1.8.7.358-7ubuntu1)
|
|
| upstream |
Released
(1.8.7.358-7)
|
|
|
ruby1.9.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Released
(1.9.3.0-1ubuntu2.6)
|
|
| quantal |
Released
(1.9.3.194-1ubuntu1.4)
|
|
| raring |
Released
(1.9.3.194-8.1ubuntu1)
|
|
| saucy |
Released
(1.9.3.194-8.1ubuntu1)
|
|
| upstream |
Released
(1.9.3 patchlevel 392,1.9.3.194-8.1)
|
|
|
Patches: upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384 |
||