Bug 1046663 (CVE-2013-6460)
Summary: | CVE-2013-6460 rubygem-nokogiri: DoS while parsing XML documents | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Ratul Gupta <ratulg> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, bdunne, bhu, bkearney, bleanhar, ccoleman, chrisw, cpelland, dajohnso, dallan, dmcphers, esammons, gkotton, iboverma, jdetiber, jfrey, jialiu, jomara, jrafanie, jross, katello-bugs, kseifried, lhh, lmeyer, markmc, matt, mcressma, mmccune, mrg-program-list, mtasaka, obarenbo, rbryant, rhos-maint, sclewis, tremble, vanmeeuwen+fedora, vondruch, williams, xlecauch, yeylon |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | rubygem-nokogiri 1.5.11, rubygem-nokogiri 1.6.1 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2014-01-23 19:22:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1046665 | | |
Bug Blocks: | 1046667 | | |
Description
Ratul Gupta
2013-12-26 13:14:44 UTC
Created rubygem-nokogiri tracking bugs for this issue:

Affects: fedora-all [bug 1046665]

Would you confirm if this really affects Fedora? Upstream info says the JRuby extension is affected and the patches are for .java files; however, Fedora (at least Fedora's rubygem-nokogiri srpm) does not ship the nokogiri JRuby extension. Java files are included in http://rubygems.org/downloads/nokogiri-1.5.11-java.gem or so; however, the Fedora srpm does not use this, and uses http://rubygems.org/downloads/nokogiri-1.5.9.gem or so.

CVE Request: http://seclists.org/oss-sec/2013/q4/551

Again setting needinfo.

This issue does not affect anything we ship. While the nokogiri rubygem is included in Fedora and EPEL, there is no JRuby implementation provided on either platform.
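
The triage above turns on which build of the gem is packaged: the plain `nokogiri-1.5.9.gem` or a `-java` (JRuby) one. As an added example (not code from this bug or from the nokogiri project), the Ruby code below classifies gem file names against the fixed versions listed on this page. The helper names and the sample file names other than the two quoted in the comments are constructed, and it assumes every `-java` build older than the fix in its series is affected, since the page lists only the fixed versions.

```ruby
require "rubygems"

# Fixed releases from this bug's "Fixed In Version" field.
FIXED_1_5 = Gem::Version.new("1.5.11")
FIXED_1_6 = Gem::Version.new("1.6.1")

# name-version[-platform].gem, e.g. "nokogiri-1.5.11-java.gem"
GEM_FILE = /\A(?<name>.+?)-(?<version>\d+(?:\.\w+)*)(?:-(?<platform>[\w.-]+))?\.gem\z/

# Hypothetical helper: returns [name, Gem::Version, platform] or nil.
# The platform is "ruby" when the file name carries no platform suffix.
def parse_gem_filename(filename)
  m = GEM_FILE.match(File.basename(filename))
  return nil unless m && Gem::Version.correct?(m[:version])
  [m[:name], Gem::Version.new(m[:version]), m[:platform] || "ruby"]
end

# True only for JRuby ("java" platform) nokogiri builds older than the fix.
# Assumption: all earlier -java builds in a series are affected.
def affected_by_cve_2013_6460?(filename)
  name, version, platform = parse_gem_filename(filename)
  return false unless name == "nokogiri"
  return false unless platform == "java" # non-JRuby builds: not affected
  # .release drops any prerelease tag so 1.6.0.rc1 is judged in the 1.6 series.
  fixed = version.release >= Gem::Version.new("1.6") ? FIXED_1_6 : FIXED_1_5
  version < fixed
end

# The first two names appear in the comments above; the rest are constructed.
SAMPLE_GEMS = %w[
  nokogiri-1.5.9.gem
  nokogiri-1.5.11-java.gem
  nokogiri-1.5.9-java.gem
  nokogiri-1.6.0-java.gem
  nokogiri-1.6.1-java.gem
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_GEMS.each do |f|
    verdict = affected_by_cve_2013_6460?(f) ? "AFFECTED" : "not affected"
    puts format("%-28s %s", f, verdict)
  end
end
```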