Hi,

On 18-03-22 01:04:23, Cédric Boutillier wrote:
> On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote:
> > Please review / upload ruby-loofah 2.2.1-1, which fixes
> > CVE-2018-8048. Changes pushed to git in branch d/2.2.1-1.
>
> Can you add a short description for the CVE in the changelog (like
> 'prevents cross-site scripting')?

Sure, fixed in git.

> This new version breaks two tests in ruby-rails-html-sanitizer (some
> spaces changed in the output). I didn't check if there was some update
> for this package which would reflect this.

I was kind of afraid that this might happen.. :/

Should I take this to rails-html-sanitizer upstream, and ask for input
on this? There doesn't seem to be much activity, honestly. Also, there
is no update, the last commit was made 2017/05/12. Or should we rather
fix the tests on our own?

(Also, because I would like to do my "homework": How do I test rdepends
with a new version of a dependency?)

> Can you also take care of applying the patch to the version currently
> in stable and contact the security team for a proposed update for
> stretch?

Sure, will try my best. Never did this up until now, so I'll send a
proposal here and ask for some input.

Cheers,
Georg