Debian Security Advisory
DLA-172-1 libextlib-ruby -- LTS security update
- Date Reported:
- 14 Mar 2015
- Affected Packages:
- libextlib-ruby
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 697895.
In Mitre's CVE dictionary: CVE-2013-0156. - More information:
-
Import patches 633974b2759d9b92 and 4540e7102b803624 from uptream to remove symbol and YAML coercion from the XML parser.
For Debian 6
Squeeze
, these issues have been fixed in libextlib-ruby version 0.9.13-2+deb6u1