Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)

To: debian-ruby@lists.debian.org
Subject: Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
From: Cédric Boutillier <boutil@debian.org>
Date: Thu, 22 Mar 2018 01:04:23 +0100
Message-id: <[🔎] 20180322000423.GA8457@esfahan>
Mail-followup-to: debian-ruby@lists.debian.org
In-reply-to: <[🔎] 20180321223557.GE2961@debian>
References: <[🔎] 20180321223557.GE2961@debian>

Hi,

On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote:
> Hi all,

> Please review / upload ruby-loofah 2.2.1-1, which fixes CVE-2018-8048.
> Changes pushed to git in branch d/2.2.1-1.

Can you add a short description for the CVE in the changelog (like
'prevents cross-site scripting')?

This new version breaks two tests in ruby-rails-html-sanitizer (some
spaces changed in the output). I didn't check if there was some update
for this package which would reflect this.

Can you also take care of applying the patch to the version currently in
stable and contact the security team for a proposed update for stretch?

Cheers,

Cédric

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>
- Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>
- rails-html-sanitizer 1.0.3: Two broken tests with loofah 2.2.1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>
- ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>

References:
- RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>

Prev by Date: Re: RFS: ruby-tzinfo, ruby-gettext, ruby-kgio, ruby-solve
Next by Date: Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
Previous by thread: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
Next by thread: Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
Index(es):
- Date
- Thread