Bug 921334 (CVE-2013-1856)
Summary: | CVE-2013-1856 rubygem-activesupport: jdom: XML Parsing Vulnerability affecting JRuby users | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED UPSTREAM | QA Contact: |
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | unspecified | CC: | security-response-team
Target Milestone: | --- | Keywords: | Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2019-06-10 11:00:20 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 922925 | |
Bug Blocks: | | |
Attachments: | | |

Description
Kurt Seifried
2013-03-14 02:58:17 UTC
Created attachment 710230
3-0-jdom.patch
Created attachment 710231
3-1-jdom.patch
Created attachment 710232
3-2-jdom.patch

Please note that upstream reports that the patches have an issue and will be reissued this weekend most likely so we might need to respin this fix.

This is public now, patches are attached to the mail.
http://www.openwall.com/lists/oss-security/2013/03/18/4

Created rubygem-activesupport tracking bugs for this issue
Affects: fedora-all [bug 922925]

Please note that these patches were not affected by the upstream changes.

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.