Bug 877506

Summary: VUL-0: rubygem-nokogiri: CVE-2013-2877 and CVE-2014-0191 backport of fixes
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: IncidentsAssignee: Jordi Massaguer <jmassaguerpla>
Status: VERIFIED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: mrueckert, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:SUSE:CVE-2014-0191:7.1:(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Sebastian Krahmer 2014-05-13 14:10:02 UTC
Via ruby-security list:

nokogiri version 1.6.2 has been released.

A set of security and bugfix patches have been backported from the libxml2
and libxslt repositories onto the versions of 2.8.0/1.1.28 packaged with
Nokogiri, including these notable security fixes:

* CVE-2013-2877
* CVE-2014-0191

It is recommended that you upgrade from 1.6.x to this version as soon as
Comment 1 Marcus Rückert 2014-05-13 15:01:50 UTC
This is imho a noop for us. we are not using the intree libxml copy. the fixes mentioned there only apply to the intree copy.
Comment 2 Swamp Workflow Management 2014-05-13 22:00:26 UTC
bugbot adjusting priority