On Thu, Mar 22, 2018 at 05:21:15PM +0100, Georg Faerber wrote: > Dear security team, > > I would like to fix CVE-2018-8048, which is currently present in > ruby-loofah 2.0.3-2 in stretch. Do you prefer an "straight" upload done > by you, or should this be instead an upload via stretch-pu? > > In any case, I'll prepare a patch. Thanks. I think we should fix this via security.debian.org Cheers, Moritz