From $URL : Apparently, the multi_xml ruby gem has the same issue as CVE-2013-0156. Can a new CVE be assigned to track it specifically as well, or would policy dictate that this issue be considered part of the original CVE? https://gist.github.com/d7f6d9f4925f413621aa https://github.com/sferik/multi_xml/pull/34 https://news.ycombinator.com/item?id=5040457 ~reed
multi_xml 0.5.2 is now in the tree.
(In reply to comment #1) > multi_xml 0.5.2 is now in the tree. Thanks, Hans. Please don't forget to drop the vulnerable version. Closing noglsa for ~arch only package.
(In reply to comment #2) > Thanks, Hans. Please don't forget to drop the vulnerable version. Done.