Bug 9160

Summary: ruby new security issues fixed in 1.9.3-p392
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Funda Wang <fundawang>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://www.ruby-lang.org/en/news/2013/02/22/ruby-1-9-3-p392-is-released/
Whiteboard:
Source RPM: ruby CVE:
Status comment:

Description David Walser 2013-02-22 18:51:50 CET 
A new minor update to ruby 1.9 was announced today (February 22):
http://www.ruby-lang.org/en/news/2013/02/22/ruby-1-9-3-p392-is-released/

It fixes the ruby-json vulnerability in the bundled copy (CVE-2013-0269) as well as a new DoS vulnerability in REXML which doesn't have a CVE yet:
http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-02-26 12:39:43 CET 
Fixed by Funda in ruby-1.9.3.p392-1.mga3.

Status: NEW => RESOLVED
Resolution: (none) => FIXED