File _patchinfo of Package patchinfo.36162
<patchinfo incident="36162"> <issue tracker="bnc" id="1224390">VUL-0: CVE-2024-35176: ruby3.2, rubygem-rexml: denial of service when parsing an XML that has many left angled brackets in an attribute value</issue> <issue tracker="bnc" id="1229673">VUL-0: CVE-2024-43398: ruby3.2,rubygem-rexml: denial of service when parsing a XML that has many deep elements with the same local name attributes</issue> <issue tracker="bnc" id="1228072">VUL-0: CVE-2024-39908: ruby3.2, rubygem-rexml: ReDoS when parsing an XML that has many specific characters</issue> <issue tracker="bnc" id="1228799">VUL-0: CVE-2024-41946: ruby3.2, rubygem-rexml: denial of service when parsing an XML that has many entity expansions with SAX2 or pull parser API</issue> <issue tracker="bnc" id="1228794">VUL-0: CVE-2024-41123: ruby3.2, rubygem-rexml: denial of service when parsing an XML that contains many specific characters such as whitespaces, >] and ]></issue> <issue tracker="cve" id="2024-35176"/> <issue tracker="cve" id="2024-43398"/> <issue tracker="cve" id="2024-41946"/> <issue tracker="cve" id="2024-39908"/> <issue tracker="cve" id="2024-41123"/> <packager>srbaker</packager> <rating>important</rating> <category>security</category> <summary>Security update for ruby2.5</summary> <description>This update for ruby2.5 fixes the following issues: - CVE-2024-43398: Fixed DoS when parsing a XML that has many deep elements with the same local name attributes (bsc#1229673) - CVE-2024-41123: Fixed DoS when parsing an XML that contains many specific characters such as whitespaces, >] and ]> (bsc#1228794) - CVE-2024-41946: Fixed DoS when parsing an XML that has many entity expansions with SAX2 or pull parser API (bsc#1228799) - CVE-2024-35176: Fixed DoS when parsing an XML that has many left angled brackets in an attribute value (bsc#1224390) - CVE-2024-39908: Fixed ReDos when parsing an XML that has many specific characters (bsc#1228072) </description> </patchinfo>
