Ubuntu CVE Tracker
CVE-2013-1821
Priority
Medium
Description
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows
remote attackers to cause a denial of service (memory consumption and
crash) via crafted text nodes in an XML document, aka an XML Entity
Expansion (XEE) attack.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821
http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
https://usn.ubuntu.com/usn/usn-1780-1
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702526
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
Assigned-to
mdeslaur
Notes
Package
Source: ruby1.8 (LP, Ubuntu, Debian)
Upstream: released (1.8.7.358-7)
Package
Source: ruby1.9.1 (LP, Ubuntu, Debian)
Upstream: released (1.9.3 patchlevel 392, 1.9.3.194-8.1)
Patches:
Upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
Updated: 2019-12-05 21:03:29 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)