
Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)



Hi,

@Ruby team: Gentle ping; could someone please take care of the upload?

Thanks,
cheers,
Georg

On 18-04-03 12:05:28, Georg Faerber wrote:
> On 18-04-03 11:53:08, Salvatore Bonaccorso wrote:
> > On Sun, Mar 25, 2018 at 07:10:40PM +0200, Georg Faerber wrote:
> > > On 18-03-22 17:23:48, Moritz Muehlenhoff wrote:
> > > > On Thu, Mar 22, 2018 at 05:21:15PM +0100, Georg Faerber wrote:
> > > > > I would like to fix CVE-2018-8048, which is currently present in
> > > > > ruby-loofah 2.0.3-2 in stretch. Do you prefer a "straight" upload
> > > > > done by you, or should this be instead an upload via stretch-pu?
> > > > > 
> > > > > In any case, I'll prepare a patch.
> > > > 
> > > > Thanks. I think we should fix this via security.debian.org
> > > 
> > > Please find the debdiff below. Changes pushed to git [1] in branch
> > > stretch/backports.
> > > 
> > > Please note: The first iteration of the patch didn't include DEP3
> > > headers. Also, I didn't add the new test case. After review of the
> > > Ruby team, I've changed this. I've removed blank lines included in the
> > > upstream commit to keep the delta as small as possible.
> > 
> > The debdiff looks good per se.
> 
> Great!
> 
> > Regarding stripping the comments and empty lines, that would not have
> > been a requirement. If it helps future backports just keep them, if
> > the comments are descriptive and help, one can keep those as well.
> 
> I would leave it as is.
> 
> > If you were able to test sufficiently ruby-loofah with the fix in
> > production please do upload (If I see it correctly you will need a
> > sponsored upload). Make sure to have the upload built with -sa since
> > it's the first ruby-loofah upload for stretch security-master is
> > seeing.
> 
> I'm not using it in production, but all tests pass, so I think we're
> good to go.
> 
> @Ruby team: If you agree, could you please do the upload?
