
(-)b/security/vuxml/vuln.xml (-1 / +39 lines)
Lines 78-83 Notes: Link Here
78
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
78
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
79
-->
79
-->
80
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
80
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
81
  <vuln vid="dec7e4b6-961a-11eb-9c34-080027f515ea">
82
    <topic>ruby -- XML round-trip vulnerability in REXML</topic>
83
    <affects>
84
      <package>
85
	<name>ruby</name>
86
	<range><ge>2.5.0,1</ge><lt>2.5.9,1</lt></range>
87
	<range><ge>2.6.0,1</ge><lt>2.6.7,1</lt></range>
88
	<range><ge>2.7.0,1</ge><lt>2.7.3,1</lt></range>
89
	<range><ge>3.0.0.p1,1</ge><lt>3.0.1,1</lt></range>
90
      </package>
91
      <package>
92
	<name>rubygem-rexml</name>
93
	<range><lt>3.2.5</lt></range>
94
      </package>
95
    </affects>
96
    <description>
97
      <body xmlns="http://www.w3.org/1999/xhtml">
98
	<p>Juho Nurminen  reports:</p>
99
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/">
100
	  <p>
101
	    When parsing and serializing a crafted XML document, REXML gem
102
	    (including the one bundled with Ruby) can create a wrong XML
103
	    document whose structure is different from the original one.
104
	    The impact of this issue highly depends on context, but it may
105
	    lead to a vulnerability in some programs that are using REXML.
106
	  </p>
107
	</blockquote>
108
      </body>
109
    </description>
110
    <references>
111
      <cvename>CVE-2021-28965</cvename>
112
      <url>https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/</url>
113
    </references>
114
    <dates>
115
      <discovery>2021-04-05</discovery>
116
      <entry>2021-04-05</entry>
117
    </dates>
118
  </vuln>
119
81
  <vuln vid="bddadaa4-9227-11eb-99c5-e09467587c17">
120
  <vuln vid="bddadaa4-9227-11eb-99c5-e09467587c17">
82
    <topic>chromium -- multiple vulnerabilities</topic>
121
    <topic>chromium -- multiple vulnerabilities</topic>
83
    <affects>
122
    <affects>
84
- 
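Review bot: The lower bound of the fourth `ruby` range, `<ge>3.0.0.p1,1</ge>`, is written differently from the three `x.y.0,1` bounds above it, and nothing on this page shows which version strings the 3.0 port actually shipped. If the 3.0.0 release was packaged as `3.0.0,1`, it may sort below `3.0.0.p1,1`, in which case an installed vulnerable package would not be matched by `pkg audit`. Comparing the two with `pkg version -t 3.0.0,1 3.0.0.p1,1` and running `make validate` in security/vuxml would settle this before commit. Separately, `<p>Juho Nurminen  reports:</p>` has a doubled space, and because the blockquote cites the ruby-lang.org announcement, it is worth confirming that the attribution line names the source of the quoted text.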
