Name: CVE-2013-1821
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130306 CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/06/5
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=914716
Reference: CONFIRM:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
Reference: CONFIRM:http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
Reference: REDHAT:RHSA-2013:0611
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0611.html
Reference: SLACKWARE:SSA:2013-075-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0104.html
Reference: SUSE:openSUSE-SU-2013:0603
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
Reference: SUSE:openSUSE-SU-2013:0614
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
Reference: UBUNTU:USN-1780-1
Reference: URL:http://www.ubuntu.com/usn/USN-1780-1
Reference: SECUNIA:52783
Reference: URL:http://secunia.com/advisories/52783
Reference: SECUNIA:52902
Reference: URL:http://secunia.com/advisories/52902

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
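As an added example (not code from this bug report, the Mageia packages or the Ruby project): the 2013 fix referenced above introduced a byte cap on how far entity references inside one text node may expand (REXML::Document.entity_expansion_text_limit, default 10240), alongside the older per-document expansion count limit. The Ruby snippet below sets both limits explicitly before parsing untrusted input and shows a constructed benign document being accepted while a constructed oversized-expansion document is rejected instead of consuming memory. The helper names (harden_rexml, root_text_or_reject), the limit values and both sample documents are assumptions chosen for illustration; newer REXML releases expose the same settings under REXML::Security, which the code prefers when present.

```ruby
# Added example (not from the bug report or the Ruby project): parsing
# untrusted XML with REXML after the CVE-2013-1821 fix, with the entity
# expansion limits set explicitly. Limit values, helper names and the
# sample documents below are constructed for illustration.
require 'rexml/document'

# Cap the total bytes that entity references inside a single text node may
# expand to (default after the fix: 10240) and the number of entity
# expansions per document (default: 10000). Both are process-wide settings.
def harden_rexml(text_limit: 4096, expansion_limit: 100)
  if REXML.const_defined?(:Security)
    REXML::Security.entity_expansion_text_limit = text_limit
    REXML::Security.entity_expansion_limit = expansion_limit
  else
    # Older REXML (the 2013 fix line) exposes the same knobs on Document.
    REXML::Document.entity_expansion_text_limit = text_limit
    REXML::Document.entity_expansion_limit = expansion_limit
  end
end

# Parse untrusted XML and return the root element's text, or :rejected if
# REXML aborted because an expansion exceeded the configured limits.
# Entity expansion in REXML text nodes is lazy, so forcing .text inside
# the rescue matters as much as the parse itself.
def root_text_or_reject(xml)
  harden_rexml
  doc = REXML::Document.new(xml)
  doc.root.text
rescue StandardError
  # The RuntimeError from Text.unnormalize ("entity expansion has grown too
  # large") and any REXML::ParseException both land here.
  :rejected
end

# Constructed benign document: one small entity, far below any limit.
BENIGN_XML = <<~XML
  <!DOCTYPE r [ <!ENTITY greet "hello"> ]>
  <r>&greet; world</r>
XML

# Constructed document of the kind the CVE describes: a 1 KiB entity
# referenced eight times in one text node, 8 KiB expanded, which is over
# the 4 KiB cap set in harden_rexml.
CRAFTED_XML = <<~XML
  <!DOCTYPE r [ <!ENTITY a "#{'A' * 1024}"> ]>
  <r>#{'&a;' * 8}</r>
XML

if __FILE__ == $PROGRAM_NAME
  p root_text_or_reject(BENIGN_XML)   # => "hello world"
  p root_text_or_reject(CRAFTED_XML)  # => :rejected
end
```

The limits are global to the process, so set them once at application start rather than per parse in real code; the function above re-applies them only so the example runs on its own. Treating a rejection as a hard failure (log it, drop the request) rather than retrying with a larger limit is the point of the mitigation.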
NOTE: this is fixed in updates_testing/ruby-1.8.7.p358-1.3.mga2.src.rpm with: ruby-2.0.0-add-missing-rexml-require.patch ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch
How I hate the mga rpm changelogs...
Status: NEW => RESOLVED
Resolution: (none) => INVALID
Fixed in Bug 9300. Oden, forget about the package changelogs. Bugzilla has this nice search feature. Go to the Search page, make sure you have Advanced Search selected (tab at top). Under Status:, hold the Ctrl key and click on RESOLVED. Then search for the package name you're interested in. Almost all of the security bugs have the CVE(s) at the end of the bug name. *** This bug has been marked as a duplicate of bug 9300 ***
CC: (none) => luigiwalser
Resolution: INVALID => DUPLICATE
Note that you can also look at svnweb, which usually has the CVEs in the commit messages (not always in Cauldron, but almost always in stable). For instance: http://svnweb.mageia.org/packages/updates/2/ruby/current/SPECS/ruby.spec?view=log