Debian Security Advisory
DLA-229-1 libnokogiri-ruby -- LTS security update
- Date Reported:
- 27 May 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-6685.
- More information:
An XML eXternal Entity (XXE) flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause a connection to that URL to be opened.
This update enables the
nonetoption by default (and provides new methods to disable default options if needed).