Summary: | <dev-ruby/nokogiri-1.6.4.1: Two Denial of Service Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/56179/ | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-12-24 11:52:52 UTC
Upstream doesn't have release tags for these versions so we can't easily bump this. I've filed a bug for this: https://github.com/sparklemotion/nokogiri/issues/1025 Note that this issue only affects nokogiri when used with jruby. The wording in the bug is ambigous regarding 1.6.1, but this is also only relevant when using jruby. Current stable nokogiri version is 1.6.4.1 and I just removed 1.5.10 which was still vulnerable. All vulnerable versions have been removed. GLSA Coordinators: Please vote Arches and Maintainer(s), Thank you for your work. GLSA Vote: No GLSA Vote: No |