Executive Summary
Summary | |
---|---|
Title | ruby security update |
Informations | |||
---|---|---|---|
Name | RHSA-2013:0612 | First vendor Publication | 2013-03-07 |
Vendor | RedHat | Last vendor Modification | 2013-03-07 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory. (CVE-2013-1821) It was found that the RHSA-2011:0910 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4481) The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat. All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 863484 - CVE-2012-4481 ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects 914716 - CVE-2013-1821 ruby: entity expansion DoS vulnerability in REXML |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-0612.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17395 | |||
Oval ID: | oval:org.mitre.oval:def:17395 | ||
Title: | USN-1780-1 -- Ruby vulnerability | ||
Description: | Ruby could be made to hang if it received specially crafted input. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1780-1 CVE-2013-1821 | Version: | 9 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | ruby1.8 ruby1.9.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17844 | |||
Oval ID: | oval:org.mitre.oval:def:17844 | ||
Title: | USN-1603-2 -- ruby1.8 vulnerabilities | ||
Description: | Ruby could allow excessive access in untrusted programs. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1603-2 CVE-2012-4466 CVE-2012-4481 | Version: | 7 |
Platform(s): | Ubuntu 12.10 | Product(s): | ruby1.8 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17988 | |||
Oval ID: | oval:org.mitre.oval:def:17988 | ||
Title: | USN-1603-1 -- ruby1.8 vulnerabilities | ||
Description: | Ruby could allow excessive access in untrusted programs. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1603-1 CVE-2012-4466 CVE-2012-4481 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | ruby1.8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20593 | |||
Oval ID: | oval:org.mitre.oval:def:20593 | ||
Title: | RHSA-2013:0612: ruby security update (Moderate) | ||
Description: | lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0612-01 CESA-2013:0612 CVE-2012-4481 CVE-2013-1821 | Version: | 31 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20774 | |||
Oval ID: | oval:org.mitre.oval:def:20774 | ||
Title: | RHSA-2013:0611: ruby security update (Moderate) | ||
Description: | lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0611-00 CESA-2013:0611 CVE-2013-1821 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21638 | |||
Oval ID: | oval:org.mitre.oval:def:21638 | ||
Title: | RHSA-2011:0909: ruby security update (Moderate) | ||
Description: | The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0909-01 CESA-2011:0909 CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23161 | |||
Oval ID: | oval:org.mitre.oval:def:23161 | ||
Title: | ELSA-2013:0611: ruby security update (Moderate) | ||
Description: | lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0611-00 CVE-2013-1821 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24992 | |||
Oval ID: | oval:org.mitre.oval:def:24992 | ||
Title: | SUSE-SU-2014:0689-1 -- Security update for Ruby | ||
Description: | This Ruby update fixes the following security issue: * bnc#808137: Fixed entity expansion DoS vulnerability in REXML (CVE-2013-1821). Security Issue reference: * CVE-2013-1821 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0689-1 CVE-2013-1821 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26833 | |||
Oval ID: | oval:org.mitre.oval:def:26833 | ||
Title: | DEPRECATED: ELSA-2013-0612 -- ruby security update (moderate) | ||
Description: | [1.8.7.352-10] - escaping vulnerability about Exception#to_s / NameError#to_s * ruby-1.8.7-p371-CVE-2012-4481.patch - Related: rhbz#915379 [1.8.7.352-9] - Fix regression introduced by fix for entity expansion DOS vulnerability in REXML (https://bugs.ruby-lang.org/issues/7961) * ruby-2.0.0-add-missing-rexml-require.patch - Related: rhbz#915379 [1.8.7.352-8] - Addresses entity expansion DoS vulnerability in REXML. * ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch - Resolves: rhbz#915379 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0612 CVE-2012-4481 CVE-2013-1821 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27487 | |||
Oval ID: | oval:org.mitre.oval:def:27487 | ||
Title: | DEPRECATED: ELSA-2013-0611 -- ruby security update (moderate) | ||
Description: | [1.8.5-29] - Fix regression introduced by fix for entity expansion DOS vulnerability in REXML (https://bugs.ruby-lang.org/issues/7961) * ruby-2.0.0-add-missing-rexml-require.patch - Related: rhbz#915377 [1.8.5-28] - Addresses entity expansion DoS vulnerability in REXML. * ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch - Resolves: rhbz#915377 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0611 CVE-2013-1821 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28124 | |||
Oval ID: | oval:org.mitre.oval:def:28124 | ||
Title: | DEPRECATED: ELSA-2011-0909 -- ruby security update (moderate) | ||
Description: | [1.8.5-19.el5_6.1] - Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module' * ruby-1.8.7-CVE-2011-1004.patch - Address CVE-2011-1005 'Untrusted codes able to modify arbitrary strings' * ruby-1.8.7-CVE-2011-1005.patch - Address CVE-2011-0188 'memory corruption in BigDecimal on 64bit platforms' * ruby-1.8.7-CVE-2011-0188.patch - Address CVE-CVE-2010-0541 'Ruby WEBrick javascript injection flaw' * ruby-1.8.7-CVE-2010-0541.patch - Address CVE-CVE-2009-4492 'ruby WEBrick log escape sequence' * ruby-1.8.6-CVE-2009-4492.patch - Resolves: rhbz#709957 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0909 CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-31 | Name : Ubuntu Update for ruby1.8 USN-1603-2 File : nvt/gb_ubuntu_USN_1603_2.nasl |
2012-10-16 | Name : Fedora Update for ruby FEDORA-2012-15507 File : nvt/gb_fedora_2012_15507_ruby_fc16.nasl |
2012-10-11 | Name : Ubuntu Update for ruby1.8 USN-1603-1 File : nvt/gb_ubuntu_USN_1603_1.nasl |
2012-09-27 | Name : Ubuntu Update for ruby1.9.1 USN-1583-1 File : nvt/gb_ubuntu_USN_1583_1.nasl |
2012-07-30 | Name : CentOS Update for irb CESA-2011:0908 centos4 x86_64 File : nvt/gb_CESA-2011_0908_irb_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for ruby CESA-2011:0909 centos5 x86_64 File : nvt/gb_CESA-2011_0909_ruby_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for ruby RHSA-2011:0910-01 File : nvt/gb_RHSA-2011_0910-01_ruby.nasl |
2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
2012-03-07 | Name : Ubuntu Update for ruby1.8 USN-1377-1 File : nvt/gb_ubuntu_USN_1377_1.nasl |
2011-08-18 | Name : CentOS Update for irb CESA-2011:0908 centos4 i386 File : nvt/gb_CESA-2011_0908_irb_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for ruby CESA-2011:0909 centos5 i386 File : nvt/gb_CESA-2011_0909_ruby_centos5_i386.nasl |
2011-07-08 | Name : RedHat Update for ruby RHSA-2011:0908-01 File : nvt/gb_RHSA-2011_0908-01_ruby.nasl |
2011-07-08 | Name : RedHat Update for ruby RHSA-2011:0909-01 File : nvt/gb_RHSA-2011_0909-01_ruby.nasl |
2011-06-03 | Name : Mandriva Update for ruby MDVSA-2011:097 (ruby) File : nvt/gb_mandriva_MDVSA_2011_097.nasl |
2011-03-09 | Name : Ruby '#to_s' Security Bypass Vulnerability File : nvt/gb_ruby_sec_bypass_vuln_win.nasl |
2011-03-07 | Name : Fedora Update for ruby FEDORA-2011-1913 File : nvt/gb_fedora_2011_1913_ruby_fc13.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70957 | Ruby Exception#to_s Method Safe Level Security Bypass Ruby contains a flaw related to the safe-level feature . The issue is triggered when a context-dependent attacker exploits a flaw within the exception '#to_s' handling. This may allow an attacker to bypass safe-level protection and modify strings via the 'Exception#to_s' method. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-03-15 | XML exponential entity expansion attack attempt RuleID : 29800 - Revision : 4 - Type : FILE-OTHER |
2014-01-10 | XML exponential entity expansion attack attempt RuleID : 27096 - Revision : 5 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-11-21 | Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1374.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_ruby_20130924.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-27.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_ruby-110517.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-298.nasl - Type : ACT_GATHER_INFO |
2014-05-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ruby-140415.nasl - Type : ACT_GATHER_INFO |
2013-12-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2809.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-139.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-173.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-195.nasl - Type : ACT_GATHER_INFO |
2013-08-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2738.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0612.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0908.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0909.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0910.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0129.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0611.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0909.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-124.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ruby-8524.nasl - Type : ACT_GATHER_INFO |
2013-03-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1780-1.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-075-01.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0612.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0611.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130307_ruby_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130307_ruby_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0611.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0612.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0129.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_ruby_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0129.nasl - Type : ACT_GATHER_INFO |
2012-10-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1603-2.nasl - Type : ACT_GATHER_INFO |
2012-10-15 | Name : The remote Fedora host is missing a security update. File : fedora_2012-15507.nasl - Type : ACT_GATHER_INFO |
2012-10-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1603-1.nasl - Type : ACT_GATHER_INFO |
2012-09-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1583-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110628_ruby_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110628_ruby_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110628_ruby_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO |
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
2012-02-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1377-1.nasl - Type : ACT_GATHER_INFO |
2011-08-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0908.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0908.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0910.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0909.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ruby-110517.nasl - Type : ACT_GATHER_INFO |
2011-05-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-097.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1913.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-11-29 00:28:27 |
|
2016-10-18 12:06:58 |
|
2016-06-28 20:10:17 |
|
2014-02-17 11:57:00 |
|
2014-02-14 17:26:28 |
|
2014-02-12 13:27:21 |
|
2014-01-30 13:25:01 |
|
2014-01-18 00:23:48 |
|
2014-01-15 21:26:32 |
|
2013-05-03 17:20:25 |
|
2013-05-02 21:20:22 |
|
2013-04-11 00:20:45 |
|
2013-04-10 13:20:16 |
|
2013-03-07 21:17:38 |
|