Hi, On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote: > Hi all, > Please review / upload ruby-loofah 2.2.1-1, which fixes CVE-2018-8048. > Changes pushed to git in branch d/2.2.1-1. Can you add a short description for the CVE in the changelog (like 'prevents cross-site scripting')? This new version breaks two tests in ruby-rails-html-sanitizer (some spaces changed in the output). I didn't check if there was some update for this package which would reflect this. Can you also take care of applying the patch to the version currently in stable and contact the security team for a proposed update for stretch? Cheers, Cédric
Attachment:
signature.asc
Description: PGP signature