The Nokogiri gem for Ruby was found to be affected by a DoS vulnerability, where an error when parsing XML entities can be exploited to exhaust memory and cause a crash via a specially crafted XML document including external entity references.
This issue is said to affect versions 1.5.x and 1.6.x; 1.4.x and earlier versions are reported not to be affected by this vulnerability.
This issue is said to be fixed in versions 1.5.11 and 1.6.1.
Created rubygem-nokogiri tracking bugs for this issue:
Affects: fedora-all [bug 1046665]
Setting needinfo here as well. See bug 1046663 comment 2.
This issue does not affect anything we ship. While the nokogiri rubygem is included in Fedora and EPEL, there is no JRuby implementation provided on either platform.