Michael Samuel of Amcom reported that the rbovirt rubygem makes unsafe usage of the rest-client gem.
HTTPS requests are sent with SSL verification disabled which could make applications making use of rbovirt vulnerable to MITM attacks.
Created rubygem-rbovirt tracking bugs for this issue:
Affects: fedora-all [bug 1073189]
Affects: epel-6 [bug 1073190]
Comment 6Fedora Update System
2014-03-15 15:18:00 UTC
rubygem-rbovirt-0.0.18-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7Fedora Update System
2014-03-15 15:23:28 UTC
rubygem-rbovirt-0.0.18-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8Fedora Update System
2014-03-21 22:32:39 UTC
rubygem-rbovirt-0.0.6-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.