Package: libopenid-ruby / 2.1.8debian-1+squeeze1

Metadata

Package Version Patches format
libopenid-ruby 2.1.8debian-1+squeeze1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
use system installed hmac | (download)

lib/openid/cryptutil.rb | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 
---
fix_CVE 2013 1812 | (download)

lib/openid/fetchers.rb | 21 17 + 4 - 0 !
lib/openid/yadis/xrds.rb | 34 22 + 12 - 0 !
2 files changed, 39 insertions(+), 16 deletions(-)

 
 limit fetching file size & disable xml entity expansion
  This prevents possible XML denial of service attacks [CVE-2013-1812]