Bug 877506 - VUL-0: rubygem-nokogiri: CVE-2013-2877 and CVE-2014-0191 backport of fixes
Status: VERIFIED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Jordi Massaguer
QA Contact: Security Team bot
CVSSv2:SUSE:CVE-2014-0191:7.1:(AV:N/A...
Reported: 2014-05-13 14:10 UTC by Sebastian Krahmer
Modified: 2022-02-13 11:07 UTC

Description Sebastian Krahmer 2014-05-13 14:10:02 UTC
Via ruby-security list:

nokogiri version 1.6.2 has been released.

A set of security and bugfix patches have been backported from the libxml2
and libxslt repositories onto the versions of 2.8.0/1.1.28 packaged with
Nokogiri, including these notable security fixes:

* https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
* CVE-2013-2877 https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
* CVE-2014-0191 https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df

It is recommended that you upgrade from 1.6.x to this version as soon as
possible.
Comment 1 Marcus Rückert 2014-05-13 15:01:50 UTC
This is IMHO a no-op for us. We are not using the in-tree libxml copy. The fixes mentioned there only apply to the in-tree copy.
Comment 2 Swamp Workflow Management 2014-05-13 22:00:26 UTC
bugbot adjusting priority