ruby: update to fix XML and JSON security problems
Ruby 1.8 was updated to fix a XML entity expansion denial of service attack (CVE-2013-1821)
Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also:
- update json intree to 1.5.5:
Denial of Service and Unsafe Object Creation Vulnerability in
JSON CVE-2013-0269
- limit entity expansion text limit to 10kB CVE-2013-1821
- get rid of a SEGV when calling rb_iter_break() from some
extention libraries.
- some warning suppressed and smaller fixes
-
Submitted by
Marcus Rueckert (darix)
Fixed bugs
bnc#808137
VUL-1: CVE-2013-1821: ruby: entity expansion DoS vulnerability in REXML
bnc#803342
VUL-0: CVE-2013-0269: ruby19/rubygem-json: Denial of Service and Unsafe Object Creation Vulnerability in JSON
