CVE-2013-4363: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions, attackers can cause denial of service through CPU consumption. The ruby-RubyGems was updated to the latest 1.8.27 to fix the above problems.

URL:
https://bugzilla.redhat.com/show_bug.cgi?id=1002364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html
We already have a bug for this. Thanks for updating it though!

*** This bug has been marked as a duplicate of bug 11276 ***

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => DUPLICATE
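
A defensive take on the backtracking issue described in this report, as an added example that is not part of the original thread and is not RubyGems' own code: a single-pass scanner that checks a version string without a regular expression, so there is nothing to backtrack and the work is linear in the input length. The version grammar (digits followed by dot-separated alphanumeric segments), the length cap and all method names are assumptions.

```ruby
# Added example: validate a gem version string in one left-to-right pass,
# with no regular expression and therefore no backtracking.
# Assumed grammar (not given on the page): optional whitespace, a run of
# digits, then zero or more ".segment" parts of ASCII letters or digits.

MAX_VERSION_BYTES = 256 # hypothetical cap; reject oversized input up front
DOT = 46                # byte value of "."

def digit?(b)
  b >= 48 && b <= 57
end

def alnum?(b)
  digit?(b) || (b >= 65 && b <= 90) || (b >= 97 && b <= 122)
end

def space?(b)
  b == 32 || (b >= 9 && b <= 13)
end

def valid_gem_version?(input)
  return false unless input.is_a?(String)
  return false if input.bytesize > MAX_VERSION_BYTES

  bytes = input.bytes
  i = 0
  n = bytes.length
  i += 1 while i < n && space?(bytes[i])      # skip leading whitespace
  n -= 1 while n > i && space?(bytes[n - 1])  # trim trailing whitespace
  return false if i == n                      # empty or all whitespace

  start = i
  i += 1 while i < n && digit?(bytes[i])      # leading numeric segment
  return false if i == start

  while i < n
    return false unless bytes[i] == DOT       # only "." may separate segments
    i += 1
    start = i
    i += 1 while i < n && alnum?(bytes[i])
    return false if i == start                # empty segment, e.g. "1..2" or "1."
  end
  true
end
```

Each byte is examined at most once, so a long, almost-valid string costs no more than a valid one of the same length.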