Bugzilla – Bug 856830
VUL-1: CVE-2013-6461: rubygem-nokogiri: Multiple DoS vulnerabilities
Last modified: 2016-04-27 20:08:15 UTC
CVE-2013-6461 / CVE-2013-6460 (one of the xml expansion problems resurfaced)

From: Ratul Gupta <ratulg@redhat.com>
Subject: [oss-security] CVE Request: rubygem-nokogiri Multiple DoS vulnerabilities

Hello,

1) https://bugzilla.redhat.com/show_bug.cgi?id=1046663
Nokogiri gem for Ruby was found to be affected by a DoS vulnerability, where an error when parsing XML documents can be exploited by an attacker to cause an infinite loop and subsequently exhaust memory and cause a crash via a specially crafted XML document.

2) https://bugzilla.redhat.com/show_bug.cgi?id=1046664
Nokogiri gem for Ruby was found to be affected by a DoS vulnerability, where an error when parsing XML entities can be exploited to exhaust memory and cause a crash via a specially crafted XML document including external entity references.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6460
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6461
https://bugzilla.redhat.com/show_bug.cgi?id=1046663
https://bugzilla.redhat.com/show_bug.cgi?id=1046664
http://comments.gmane.org/gmane.comp.security.oss.general/11748
Original References: https://bugs.gentoo.org/show_bug.cgi?id=495218
Original Advisory: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
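The two reports above both come down to DTD content in untrusted XML: entity declarations that pull in external resources and nested entity references that expand far beyond the document's size. The screen below, an added example that is not Nokogiri's own code, inspects a document's internal DTD subset for both patterns before it is handed to a parser; the size limit, function names and sample documents are constructed assumptions.

```ruby
# Pre-parse screen for untrusted XML before it reaches Nokogiri: rejects
# internal-subset entity declarations that point at external resources
# (SYSTEM/PUBLIC) and documents whose nested entity references expand past
# a size limit. Added example; limits and samples are constructed assumptions.
ENTITY_DECL = /<!ENTITY\s+(\w+)\s+(?:(SYSTEM|PUBLIC)\s+)?("[^"]*"|'[^']*')/i
ENTITY_REF  = /&(\w+);/
PREDEFINED  = %w[lt gt amp quot apos].freeze

# Characters `name` expands to once nested references are resolved; `stack`
# catches declarations that (directly or indirectly) reference themselves.
def expanded_size(name, decls, memo = {}, stack = [])
  return 1 if PREDEFINED.include?(name)
  return memo[name] if memo.key?(name)
  raise ArgumentError, "recursive entity #{name}" if stack.include?(name)
  return "&#{name};".length unless decls.key?(name) # undeclared: left as text
  stack.push(name)
  size = decls[name].length
  decls[name].scan(ENTITY_REF).flatten.each do |ref|
    size += expanded_size(ref, decls, memo, stack) - "&#{ref};".length
  end
  stack.pop
  memo[name] = size
end

# Returns { ok: true, expansion: n } or { ok: false, reason: "..." }.
def screen_xml(xml, max_expansion: 1_000_000)
  decls, external = {}, []
  xml.scan(ENTITY_DECL) do |name, kind, literal|
    if kind then external << name else decls[name] = literal[1..-2] end
  end
  return { ok: false, reason: "external entities: #{external.join(', ')}" } unless external.empty?
  body = xml.sub(/<!DOCTYPE[^\[>]*(\[.*?\])?\s*>/m, '') # count references in the body only
  memo = {}
  expansion = body.scan(ENTITY_REF).flatten.sum { |ref| expanded_size(ref, decls, memo) }
  return { ok: false, reason: "expansion of #{expansion} chars exceeds limit" } if expansion > max_expansion
  { ok: true, expansion: expansion }
rescue ArgumentError => e
  { ok: false, reason: e.message }
end

# Constructed samples: a three-level expansion bomb and an external entity.
LAUGHS = <<~XML
  <!DOCTYPE lolz [
    <!ENTITY lol "lol">
    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
    <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
    <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  ]>
  <lolz>&lol3;</lolz>
XML
EXTERNAL = '<!DOCTYPE r [<!ENTITY ext SYSTEM "http://dtd.example.invalid/x.ent">]><r>&ext;</r>'
```

A document that passes the screen should still be parsed with entity substitution and network access disabled; the screen only stops the obvious cases cheaply and early.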
bugbot adjusting priority
As stated in the original advisory, this affects jruby. We don't ship jruby thus I would suggest we close this bug.
yep, let's do this