
rails-html-sanitizer 1.0.3: Two broken tests with loofah 2.2.1 (CVE-2018-8048)



Hi Kasper,

We would like to fix CVE-2018-8048, which was assigned some days ago, to
loofah. A fix was released to address a potential XSS vulnerability
caused by libxml2. See [1] and below:

On 18-03-22 01:04:23, Cédric Boutillier wrote:
> On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote:
> > Please review / upload ruby-loofah 2.2.1-1, which fixes
> > CVE-2018-8048.  Changes pushed to git in branch d/2.2.1-1.
> 
> This new version breaks two tests in ruby-rails-html-sanitizer (some
> spaces changed in the output). I didn't check if there was some update
> for this package which would reflect this.

Any input on this? Would it be possible to release a new version
addressing this?

Thanks,
cheers,
Georg


[1] https://github.com/flavorjones/loofah/issues/144
