A bug of the monkey patch for REXML


#1

Hi,

A bug of the monkey patch to fix the DoS vulenerability in REXML has
been discovered.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502535

This is not a vulnerability, but I have fixed the monkey patch.

http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix2.rb

The bug has been also fixed in trunk and ruby_1_8.

Thanks,