File tree Expand file tree Collapse file tree 1 file changed +42
-0
lines changed Expand file tree Collapse file tree 1 file changed +42
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ gem : nokogiri
3+ cve : 2015-8806
4+ url : https://github.com/sparklemotion/nokogiri/issues/1473
5+ title : Denial of service or RCE from libxml2 and libxslt
6+ date : 2016-06-07
7+ description : |
8+ Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt,
9+ which are libraries Nokogiri depends on. It was discovered that libxml2 and
10+ libxslt incorrectly handled certain malformed documents, which can allow
11+ malicious users to cause issues ranging from denial of service to remote code
12+ execution attacks.
13+
14+ For more information, the Ubuntu Security Notice is a good start:
15+ http://www.ubuntu.com/usn/usn-2994-1/
16+
17+ patched_versions :
18+ - " >= 1.6.8"
19+ unaffected_versions :
20+ - " < 1.6.0"
21+ related :
22+ cve :
23+ - 2016-1762
24+ - 2016-1833
25+ - 2016-1834
26+ - 2016-1835
27+ - 2016-1836
28+ - 2016-1837
29+ - 2016-1838
30+ - 2016-1839
31+ - 2016-1840
32+ - 2016-2073
33+ - 2016-3627
34+ - 2016-3705
35+ - 2016-4447
36+ - 2016-4449
37+ - 2016-4483
38+ url :
39+ - https://github.com/sparklemotion/nokogiri/issues/1473
40+ - https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
41+ - https://mail.gnome.org/archives/xml/2016-May/msg00023.html
42+ - http://www.ubuntu.com/usn/usn-2994-1/
You can’t perform that action at this time.
0 commit comments