Bug#714562: opu: package libopenid-ruby/2.1.8debian-1+squeeze1
Control: tags -1 + pending
On Sun, 2013-06-30 at 21:38 +0100, Adam D. Barratt wrote:
> On Sun, 2013-06-30 at 22:26 +0200, Cédric Boutillier wrote:
> > As a follow-up of a security bug [1], I have been advised to provide a
> > fix of this package through oldstable-proposed-updates. The proposed
> > update applies a patch from upstream which prevents possible XML denial
> > of service attacks by limiting the size of fetched file and disabling
> > XML entity expansion.
>
> Please go ahead; thanks.
Flagged for acceptance.
Regards,
Adam
Reply to: