Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack.
{ "availability": "No subscription required", "binaries": [ { "libruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.16", "ruby2.3-tcltk": "2.3.1-2~ubuntu16.04.16", "ruby2.3-dev-dbgsym": "2.3.1-2~ubuntu16.04.16", "libruby2.3-dbg": "2.3.1-2~ubuntu16.04.16", "ruby2.3-dev": "2.3.1-2~ubuntu16.04.16", "ruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.16", "libruby2.3": "2.3.1-2~ubuntu16.04.16", "ruby2.3-tcltk-dbgsym": "2.3.1-2~ubuntu16.04.16", "ruby2.3": "2.3.1-2~ubuntu16.04.16", "ruby2.3-doc": "2.3.1-2~ubuntu16.04.16" } ] }