oss-sec mailing list archives
CVE Request (ruby)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 25 Aug 2008 15:20:31 +0200
Hello Steve,

Ruby upstream has announced another security flaw (DoS vulnerability in REXML module):

http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/

Test case available in part: "Impact".

Proposed preliminary fix:

http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb

Testing status: REXML parsing of provided *.xml file causes 100% cpu usage for about 1 and 1/4 minutes (checked the ruby-1.8.5-5.5 case).

Could you please assign a CVE id for it?

Thank you in advance.

Kind regards
Jan iankko Lieskovsky
RH Security Response Team