On 18-03-24 16:41:17, Georg Faerber wrote: > --- ruby-loofah-2.0.3/debian/changelog 2016-01-07 14:22:29.000000000 +0100 > +++ ruby-loofah-2.0.3/debian/changelog 2018-03-24 16:13:55.000000000 +0100 > @@ -1,3 +1,10 @@ > +ruby-loofah (2.0.3-2+deb9u1) stretch-security; urgency=high > + > + * Introduce upstream patch to address a potential cross-site scripting > + vulnerability caused by libxml >= 2.9.2. (Closes: #893596) (CVE-2018-8048) ^^^^^^ That should have been libxml2, fixed in git. > + > + -- Georg Faerber <georg@riseup.net> Sat, 24 Mar 2018 16:13:55 +0100 > + > ruby-loofah (2.0.3-2) unstable; urgency=medium
Attachment:
signature.asc
Description: Digital signature