Debian Security Advisory

DLA-172-1 libextlib-ruby -- LTS security update

Date Reported:
14 Mar 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 697895.
In Mitre's CVE dictionary: CVE-2013-0156.
More information:

Import patches 633974b2759d9b92 and 4540e7102b803624 from uptream to remove symbol and YAML coercion from the XML parser.

For Debian 6 Squeeze, these issues have been fixed in libextlib-ruby version 0.9.13-2+deb6u1