Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

To: debian-ruby@lists.debian.org
Subject: Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
From: Georg Faerber <georg@riseup.net>
Date: Sat, 24 Mar 2018 17:02:39 +0100
Message-id: <[🔎] 20180324160239.GK20687@debian>
In-reply-to: <[🔎] 20180324154117.GJ20687@debian>
References: <[🔎] 20180321223557.GE2961@debian> <[🔎] 20180322000423.GA8457@esfahan> <[🔎] 20180322162115.GM2961@debian> <[🔎] 20180324154117.GJ20687@debian>

On 18-03-24 16:41:17, Georg Faerber wrote:
> --- ruby-loofah-2.0.3/debian/changelog	2016-01-07 14:22:29.000000000 +0100
> +++ ruby-loofah-2.0.3/debian/changelog	2018-03-24 16:13:55.000000000 +0100
> @@ -1,3 +1,10 @@
> +ruby-loofah (2.0.3-2+deb9u1) stretch-security; urgency=high
> +
> +  * Introduce upstream patch to address a potential cross-site scripting
> +    vulnerability caused by libxml >= 2.9.2. (Closes: #893596) (CVE-2018-8048)

                               ^^^^^^

That should have been libxml2, fixed in git.

> +
> + -- Georg Faerber <georg@riseup.net>  Sat, 24 Mar 2018 16:13:55 +0100
> +
>  ruby-loofah (2.0.3-2) unstable; urgency=medium

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>
- Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Cédric Boutillier <boutil@debian.org>
- ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>
- Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>

Prev by Date: Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
Next by Date: Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
Previous by thread: Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
Next by thread: Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)
Index(es):
- Date
- Thread