Hi,

A bug of the monkey patch to fix the DoS vulenerability in REXML has
been discovered.

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502535

This is not a vulnerability, but I have fixed the monkey patch.

  http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix2.rb

The bug has been also fixed in trunk and ruby_1_8.

Thanks,
-- 
Shugo Maeda