Nokogiri security updates - 1.6.6.3 and 1.6.6.4

Mike Dalessio

Nov 20, 2015, 1:00:01 PM
to ruby-sec...@googlegroups.com
Hello,

Nokogiri 1.6.6.3 and 1.6.6.4 were recently cut, with patches to the vendored libxml2/libxslt addressing a handful of CVEs and one nasty bug that doesn't have a CVE assigned.


Some links if you care to dig in:

The patches added to 1.6.6.3 are [here](https://github.com/sparklemotion/nokogiri/commit/ac6106f1e641d50b27752c52b355e01d03ae8829), and the CVEs are summarized at [this USN](http://www.ubuntu.com/usn/usn-2812-1/).

The patch added to 1.6.6.4 is [here](https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4), and the background description is at [this bugzilla issue](https://bugzilla.gnome.org/show_bug.cgi?id=746048).


If you're on Ubuntu and using system libraries, you may want to consider using Nokogiri's vendored libxml2 for the patch in 1.6.6.4 which is not yet in Canonical's backports.


-m
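
One way to check a deployment against this announcement, as an added example that is not part of the original message or of Nokogiri's own code. It assumes the hash layout of `Nokogiri::VERSION_INFO` (`'nokogiri'` and `'libxml' => { 'source' => ... }`); the function name, finding symbols and sample hashes are constructed for illustration.

```ruby
require 'rubygems' # Gem::Version gives correct multi-segment comparison

# Releases named in the announcement.
CVE_FIX_RELEASE   = Gem::Version.new('1.6.6.3') # vendored libxml2/libxslt CVE patches
EXTRA_FIX_RELEASE = Gem::Version.new('1.6.6.4') # patch for the bug with no CVE assigned

# Classify one install. `info` has the shape of Nokogiri::VERSION_INFO
# (assumed keys: 'nokogiri', and 'libxml' => { 'source' => 'packaged' | 'system' }).
def audit_nokogiri(info)
  version  = Gem::Version.new(info.fetch('nokogiri'))
  source   = info.fetch('libxml', {})['source']
  findings = []

  case source
  when 'packaged'
    # Vendored libxml2 is in use, so the gem version decides which patches are present.
    findings << :missing_cve_patches   if version < CVE_FIX_RELEASE
    findings << :missing_1_6_6_4_patch if version < EXTRA_FIX_RELEASE
  when 'system'
    # The gem's vendored patches are not in effect; coverage depends on the
    # distribution's libxml2 package, whatever the gem version is.
    findings << :system_libxml2_check_distro_package
  else
    findings << :unknown_libxml2_source
  end

  { version: version.to_s, source: source, ok: findings.empty?, findings: findings }
end

# Constructed sample inputs (not captured from real hosts).
SAMPLES = [
  { 'nokogiri' => '1.6.6.2', 'libxml' => { 'source' => 'packaged' } },
  { 'nokogiri' => '1.6.6.3', 'libxml' => { 'source' => 'packaged' } },
  { 'nokogiri' => '1.6.6.4', 'libxml' => { 'source' => 'packaged' } },
  { 'nokogiri' => '1.6.6.4', 'libxml' => { 'source' => 'system' } }
].freeze

if __FILE__ == $PROGRAM_NAME
  begin
    require 'nokogiri' # audit the local install when the gem is available
    p audit_nokogiri(Nokogiri::VERSION_INFO)
  rescue LoadError
    SAMPLES.each { |s| p audit_nokogiri(s) }
  end
end
```
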
