A new minor update to ruby 1.9 was announced today (February 22): http://www.ruby-lang.org/en/news/2013/02/22/ruby-1-9-3-p392-is-released/ It fixes the ruby-json vulnerability in the bundled copy (CVE-2013-0269) as well as a new DoS vulnerability in REXML which doesn't have a CVE yet: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ Reproducible: Steps to Reproduce:
Fixed by Funda in ruby-1.9.3.p392-1.mga3.
Status: NEW => RESOLVEDResolution: (none) => FIXED