← Back to branch summary

~ubuntu-branches/ubuntu/quantal/ruby-openid/quantal-security

~ubuntu-branches/ubuntu/quantal/ruby-openid/quantal-security

Viewing all changes in revision 5.

Committer: Package Import Robot
Author(s): Christian Kuersteiner
Date: 2013-06-12 16:37:06 UTC
Revision ID: package-import@ubuntu.com-20130612163706-pyvvqvnfp1gdd9uz

Tags: 2.1.8debian-5ubuntu0.1

https://launchpad.net/bugs/1190179

* SECURITY UPDATE: XML denial of service attack (LP: #1190179)
  - debian/patches/02_CVE_2013_1812.patch: lib/openid/fetchers.rb,
    lib/openid/yadis/xrds.rb: limit fetching file size & disable XML entity
    expansion. Based on upstream patch.
  - CVE-2013-1812

files added:
.pc/.quilt_patches

.pc/.quilt_series

.pc/02_CVE_2013_1812.patch

.pc/02_CVE_2013_1812.patch/lib

.pc/02_CVE_2013_1812.patch/lib/openid

.pc/02_CVE_2013_1812.patch/lib/openid/fetchers.rb

.pc/02_CVE_2013_1812.patch/lib/openid/yadis

.pc/02_CVE_2013_1812.patch/lib/openid/yadis/xrds.rb

debian/patches/02_CVE_2013_1812.patch

files modified:
.pc/applied-patches

debian/changelog

debian/control

debian/patches/series

lib/openid/fetchers.rb

lib/openid/yadis/xrds.rb

Show diffs side-by-side

added added

removed removed

.pc/.quilt_patches

.pc/.quilt_series

.pc/02_CVE_2013_1812.patch/

.pc/02_CVE_2013_1812.patch/lib/

.pc/02_CVE_2013_1812.patch/lib/openid/

.pc/02_CVE_2013_1812.patch/lib/openid/fetchers.rb

.pc/02_CVE_2013_1812.patch/lib/openid/yadis/

.pc/02_CVE_2013_1812.patch/lib/openid/yadis/xrds.rb

.pc/applied-patches

debian/changelog

debian/patches/02_CVE_2013_1812.patch

debian/patches/series

lib/openid/fetchers.rb

lib/openid/yadis/xrds.rb

Older »