From owner-svn-ports-head@FreeBSD.ORG Sun Feb 24 18:21:03 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id A3F36E36; Sun, 24 Feb 2013 18:21:03 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 95311D4B; Sun, 24 Feb 2013 18:21:03 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r1OIL3SF037347; Sun, 24 Feb 2013 18:21:03 GMT (envelope-from swills@svn.freebsd.org) Received: (from swills@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r1OIL3Af037346; Sun, 24 Feb 2013 18:21:03 GMT (envelope-from swills@svn.freebsd.org) Message-Id: <201302241821.r1OIL3Af037346@svn.freebsd.org> From: Steve Wills Date: Sun, 24 Feb 2013 18:21:03 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r312887 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Feb 2013 18:21:03 -0000 Author: swills Date: Sun Feb 24 18:21:02 2013 New Revision: 312887 URL: http://svnweb.freebsd.org/changeset/ports/312887 Log: - Document Ruby REXML DoS Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Feb 24 17:51:49 2013 (r312886) +++ head/security/vuxml/vuln.xml Sun Feb 24 18:21:02 2013 (r312887) @@ -51,6 +51,39 @@ Note: Please add new entries to the beg --> + + ruby -- DoS vulnerability in REXML + + + ruby + 1.9,11.9.3.392,1 + + + + +

Ruby developers report:

+
+

Unrestricted entity expansion can lead to a DoS vulnerability in + REXML. (The CVE identifier will be assigned later.) We strongly + recommend to upgrade ruby. +

+

When reading text nodes from an XML document, the REXML parser can + be coerced in to allocating extremely large string objects which + can consume all of the memory on a machine, causing a denial of + service. +

+
+ + + + http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ + + + 2013-02-22 + 2013-02-24 + + + rubygem-ruby_parser -- insecure tmp file usage