[FREEBSD:844CF3F5-9259-4B3E-AC9E-13CA17333ED7] ruby -- DoS vulnerability in REXML


Ruby developers report:

  Unrestricted entity expansion can lead to a DoS vulnerability in
  REXML. (The CVE identifier will be assigned later.) We strongly
  recommend to upgrade ruby.

  When reading text nodes from an XML document, the REXML parser can
  be coerced into allocating extremely large string objects which
  can consume all of the memory on a machine, causing a denial of
  service.

| Package | Affected Version |
| --- | --- |
| pkg:freebsd/ruby | < 1.9.3.392,1 |

ID: FREEBSD:844CF3F5-9259-4B3E-AC9E-13CA17333ED7
URL: http://vuxml.freebsd.org/freebsd/844cf3f5-9259-4b3e-ac9e-13ca17333ed7.html
Published: 2013-02-22T00:00:00
Modified: 2013-02-24T00:00:00
Rights: FreeBSD VuXML Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:freebsd/ruby | | ruby | < 1.9.3.392,1 | | | |