Hi,
A bug of the monkey patch to fix the DoS vulenerability in REXML has
been discovered.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502535
This is not a vulnerability, but I have fixed the monkey patch.
http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix2.rb
The bug has been also fixed in trunk and ruby_1_8.
Thanks,