Date: Fri, 1 Mar 2013 16:50:37 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE request: ruby-openid XML denial of service attack Hi, ruby-openid is affected by a XML denial of service (Entity Expansion Attack / out of memory) attack as recently described. https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed https://github.com/openid/ruby-openid/pull/43 https://bugzilla.novell.com/show_bug.cgi?id=804717 Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.