-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2014-11-03 09:25:06 UTC
-
Revision ID:
package-import@ubuntu.com-20141103092506-w0hrbh1sjmzr8tea
Tags: 1.9.3.484-2ubuntu1.1
* SECURITY UPDATE: denial of service via buffer overrun in encodes
function
- debian/patches/CVE-2014-4975.patch: properly calculate buffer size
in pack.c.
- CVE-2014-4975
* SECURITY UPDATE: denial of service via XML expansion
- debian/patches/CVE-2014-8080.patch: limit expansions in
lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
test/rexml/test_entity.rb.
- CVE-2014-8080