A bug was found in the way ruby creates its http (and thus xmlrpc) server. The server uses blocking sockets, so if it is possible to send a very large amount of data via the socket, the server will block other connections resulting in a denial of service.
Ruby please advise and bump as needed.
Looks to me like this is fixed in 1.8.4 (possibly 1.8.3, though I don't have that on my system to check). I'd recommend having the remaining arches bump to 1.8.4-r1 (or newer) to stable to fix this issue.
Thx Caleb, amd64 seems to be the only arch needing to test 1.8.4
amd64 is late
amd64 stable. it seems you have missed hppa, they have 1.0.3 stable but not 1.0.4-r1
stable on hppa as well.
I tend to vote yes, but very light one.
Half YES from me.
don't know
I tend to vote YES as well.
So let's have one.
I tend to see a yes, too, but actually I'm a little afraid we're opening pandoras box if we're going to include everything like this.
GLSA 200605-11