Candidate: CVE-2013-1812
PublicDate: 2013-12-12 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1812
 http://www.openwall.com/lists/oss-security/2013/03/03/8
 https://bugzilla.novell.com/show_bug.cgi?id=804717
Description:
 The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers
 to cause a denial of service (CPU consumption) via (1) a large XRDS
 document or (2) an XML Entity Expansion (XEE) attack.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702217
 https://bugs.launchpad.net/ubuntu/+source/libopenid-ruby/+bug/1190491
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ruby-openid:
 upstream: https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
upstream_ruby-openid: released (2.1.8debian-6, 2.2.2)
hardy_ruby-openid: DNE
lucid_ruby-openid: DNE
oneiric_ruby-openid: DNE
precise_ruby-openid: DNE
quantal_ruby-openid: released (2.1.8debian-5ubuntu0.1)
raring_ruby-openid: not-affected (2.1.8debian-6)
devel_ruby-openid: not-affected (2.1.8debian-6)

Patches_libopenid-ruby:
upstream_libopenid-ruby: released (2.2.2)
hardy_libopenid-ruby: DNE
lucid_libopenid-ruby: released (2.1.7debian-1ubuntu0.1)
oneiric_libopenid-ruby: ignored (reached end-of-life)
precise_libopenid-ruby: released (2.1.8debian-1ubuntu0.1)
quantal_libopenid-ruby: DNE
raring_libopenid-ruby: DNE
devel_libopenid-ruby: DNE