Date: Fri, 1 Mar 2013 16:50:37 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE request: ruby-openid XML denial of service attack Hi, ruby-openid is affected by a XML denial of service (Entity Expansion Attack / out of memory) attack as recently described. https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed https://github.com/openid/ruby-openid/pull/43 https://bugzilla.novell.com/show_bug.cgi?id=804717 Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ