Hi

Please also address the issue below. A CVE id for this issue has been 
requested.
Thanks for your work.

Cheers
Steffen

Ruby upstream has announced another security flaw
(DoS vulnerability in REXML module):

http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/

Test case available in part: "Impact".

Proposed preliminary fix: 
http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb

Testing status: REXML parsing of provided *.xml file causes
                100% CPU usage for about 1 and 1/4 minutes
                (checked the ruby-1.8.5-5.5 case).
