[Bug 1190179] Re: XML denial of service vulnerability

2013-06-18 Thread Seth Arnold
Thanks for the additional testing; the patch looked reasonable, so making sure the package worked is likely sufficient; actually exploiting this vulnerability would be enough extra work that I think the effort would be better spent elsewhere. Thanks Christian

[Bug 1190179] Re: XML denial of service vulnerability

2013-06-18 Thread Launchpad Bug Tracker
This bug was fixed in the package ruby-openid - 2.1.8debian-5ubuntu0.1 --- ruby-openid (2.1.8debian-5ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: XML denial of service attack (LP: #1190179) - debian/patches/02_CVE_2013_1812.patch: lib/openid/fetchers.rb, lib

[Bug 1190179] Re: XML denial of service vulnerability

2013-06-18 Thread Christian Kuersteiner
Finally I managed to run the rails_openid example. I created a new empty rails2 application with 'rails openid' and copied the relevant files from the example to the new application. Like this I could start the example application and create a new identity. However I could not start the second s

[Bug 1190179] Re: XML denial of service vulnerability

2013-06-14 Thread Jamie Strandboge
** Changed in: ruby-openid (Ubuntu Quantal) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1190179 Title: XML denial of service vulnerability To manage notifications

[Bug 1190179] Re: XML denial of service vulnerability

2013-06-13 Thread Seth Arnold
Thanks, patch looked good; I changed SECURITY-UPDATE to SECURITY UPDATE in the changelog (to make 'umt check' happy), and confirmed that at least the simple "require 'openid'" test functioned before and after the update. I wish we had a way to test this, however. Can you figure out how to run the

[Bug 1190179] Re: XML denial of service vulnerability

2013-06-12 Thread Christian Kuersteiner
New debdiff to correctly set Maintainer in debian/control. ** Patch added: "lp1190179-quantal-1.debdiff" https://bugs.launchpad.net/ubuntu/+source/ruby-openid/+bug/1190179/+attachment/3702015/+files/lp1190179-quantal-1.debdiff

[Bug 1190179] Re: XML denial of service vulnerability

2013-06-12 Thread Dmitry Shachnev
** Also affects: ruby-openid (Ubuntu Quantal) Importance: Undecided Status: New ** Changed in: ruby-openid (Ubuntu) Status: New => Fix Released

[Bug 1190179] Re: XML denial of service vulnerability

2013-06-12 Thread Christian Kuersteiner
Debdiff for quantal. Tests done: - Builds with pbuilder. - Can install and upgrade cleanly. ** Patch added: "lp1190179-quantal.debdiff" https://bugs.launchpad.net/ubuntu/+source/ruby-openid/+bug/1190179/+attachment/3701416/+files/lp1190179-quantal.debdiff