Debian Security Advisory

DLA-229-1 libnokogiri-ruby -- LTS security update

Date Reported:
27 May 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2012-6685.
More information:

An XML eXternal Entity (XXE) flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause a connection to that URL to be opened.

This update enables the nonet option by default (and provides new methods to disable default options if needed).