
Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)



Hi,

On Thu, Mar 22, 2018 at 01:25:07AM +0100, Georg Faerber wrote:

> On 18-03-22 01:04:23, Cédric Boutillier wrote:
> > On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote:
> > > Please review / upload ruby-loofah 2.2.1-1, which fixes
> > > CVE-2018-8048. Changes pushed to git in branch d/2.2.1-1.
> > 
> > Can you add a short description for the CVE in the changelog (like
> > 'prevents cross-site scripting')?

> Sure, fixed in git.

I uploaded ruby-loofah.

> > This new version breaks two tests in ruby-rails-html-sanitizer (some
> > spaces changed in the output). I didn't check if there was some update
> > for this package which would reflect this.

> I was kind of afraid that this might happen.. :/ Should I take this to
> rails-html-sanitizer upstream, and ask for input on this? There doesn't
> seem to be much activity, honestly. Also, there is no update, the last
> commit was made 2017/05/12. Or should we rather fix the tests on our
> own?

I reported the issue upstream:
https://github.com/rails/rails-html-sanitizer/issues/70

Since we have already a patch to disable some tests (due to us not using
nokogiri's embedded version of libxml2), we can disable these two tests
for now (probably with another patch, to ease its removal when the issue
is fixed upstream).

> (Also, because I would like to do my "homework": How do I test rdepends
> with a new version of a dependency?)

You can use the script "build" in the master repository. It will
automatically try to build the reverse build-dependencies and run the
test suite of the reverse dependencies.


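To make the reverse-dependency question above concrete, here is an added example that is not the Debian Ruby team's "build" script: a small POSIX shell function that parses a Sources-style index (the same "Package:" / "Build-Depends:" stanza format apt uses, including continuation lines and "a | b" alternatives) and lists the source packages whose Build-Depends mention a given binary package. That list is what you would rebuild and test against the new ruby-loofah. The stanzas below, including the ruby-unused package, are constructed for the example and do not reflect the real archive.

```sh
#!/bin/sh
# Added example: list reverse build-dependencies of a binary package from a
# Sources-style index. The index content is constructed for this example.

SOURCES_FILE="$(mktemp)"
cat > "$SOURCES_FILE" <<'EOF'
Package: ruby-rails-html-sanitizer
Binary: ruby-rails-html-sanitizer
Build-Depends: debhelper (>= 9), gem2deb, ruby-loofah (>= 2.0.0), ruby-minitest

Package: ruby-loofah
Binary: ruby-loofah
Build-Depends: debhelper (>= 9), gem2deb, ruby-nokogiri

Package: ruby-sanitize
Binary: ruby-sanitize
Build-Depends: debhelper (>= 9),
 gem2deb,
 ruby-nokogiri | ruby-nokogumbo,
 ruby-minitest

Package: ruby-unused
Binary: ruby-unused
Build-Depends: debhelper (>= 9), gem2deb
EOF

# reverse_build_deps <binary-package> <sources-index>
# Prints, one per line and in index order, every source package whose
# Build-Depends field names <binary-package> (version constraints,
# architecture qualifiers and "|" alternatives are ignored).
reverse_build_deps() {
    awk -v pkg="$1" '
    BEGIN { RS = ""; FS = "\n" }          # one record per stanza, one field per line
    {
        name = ""; bd = ""; inbd = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Package:/) {
                sub(/^Package:[ \t]*/, "", $i); name = $i; inbd = 0
            } else if ($i ~ /^Build-Depends:/) {
                sub(/^Build-Depends:/, "", $i); bd = $i; inbd = 1
            } else if (inbd && $i ~ /^[ \t]/) {
                bd = bd " " $i                 # continuation line of Build-Depends
            } else {
                inbd = 0
            }
        }
        # Split relations on "," and alternatives on "|"; keep only the
        # package name (drop "(>= x)", "[arch]", "<profile>" and ":any").
        n = split(bd, rels, /[,|]/)
        for (j = 1; j <= n; j++) {
            r = rels[j]
            gsub(/^[ \t]+|[ \t]+$/, "", r)
            split(r, parts, /[ \t]+/)
            r = parts[1]
            sub(/:.*$/, "", r)
            if (r == pkg && name != "" && name != pkg) { print name; break }
        }
    }' "$2"
}

# Usage: the packages printed here are the ones to rebuild and whose test
# suites to run with the new ruby-loofah installed.
reverse_build_deps ruby-loofah "$SOURCES_FILE"
```

The same function answers the wider question of which packages a new nokogiri would affect (`reverse_build_deps ruby-nokogiri "$SOURCES_FILE"`), since nothing in it is specific to ruby-loofah.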