CVE-2013-1812

Publication date 12 December 2013

Last updated 24 July 2024


Ubuntu priority

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
libopenid-ruby 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Fixed 2.1.8debian-1ubuntu0.1
11.10 oneiric Ignored end of life
10.04 LTS lucid
Fixed 2.1.7debian-1ubuntu0.1
8.04 LTS hardy Not in release
ruby-openid 13.04 raring
Not affected
12.10 quantal
Fixed 2.1.8debian-5ubuntu0.1
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
ruby-openid