Package : libnokogiri-ruby Version : 1.4.0-4+deb6u1 CVE ID : CVE-2012-6685 An XML eXternal Entity (XXE) flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause a connection to that URL to be opened. This update enables the "nonet" option by default (and provides new methods to disable default options if needed). -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature