Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
273bed5f by Sylvain Beucler at 2023-09-13T16:33:57+02:00
Reserve DLA-3566-1 for ruby-rails-html-sanitizer

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -119838,7 +119838,6 @@ CVE-2022-23521 (Git is distributed revision control 
system. gitattributes are a
        NOTE: 
https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf
 CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
        - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
-       [buster] - ruby-rails-html-sanitizer <no-dsa> (Minor issue)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
        NOTE: 
https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d
 (v1.4.4)
@@ -119848,7 +119847,6 @@ CVE-2022-23520 (rails-html-sanitizer is responsible 
for sanitizing HTML fragment
        NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from 
ruby-loofah >= 2.19.1.
 CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
        - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
-       [buster] - ruby-rails-html-sanitizer <postponed> (Minor issue can be 
fixed later)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
        NOTE: 
https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d
 (v1.4.4)
@@ -119864,7 +119862,6 @@ CVE-2022-23518 (rails-html-sanitizer is responsible 
for sanitizing HTML fragment
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
 CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
        - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
-       [buster] - ruby-rails-html-sanitizer <no-dsa> (Minor issue)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
 CVE-2022-23516 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Sep 2023] DLA-3566-1 ruby-rails-html-sanitizer - security update
+       {CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520}
+       [buster] - ruby-rails-html-sanitizer 1.0.4-1+deb10u2
 [13 Sep 2023] DLA-3565-1 ruby-loofah - security update
        {CVE-2022-23514 CVE-2022-23515 CVE-2022-23516}
        [buster] - ruby-loofah 2.2.3-1+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -196,11 +196,6 @@ rails
 ring
   NOTE: 20230903: Added by Front-Desk (gladk)
 --
-ruby-rails-html-sanitizer (Sylvain Beucler)
-  NOTE: 20221231: Added by Front-Desk (ola)
-  NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with 
appropriate methods. (utkarsh)
-  NOTE: 20230808: utkarsh mentions on IRC he's busy with other packages, this 
is "free to claim atm". (Beuc/front-desk)
---
 ruby-rmagick
   NOTE: 20230808: Added by Front-Desk on rouca's (imagemagick package 
maintainer) request (Beuc)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/273bed5fb52396ff536194926cbe3fa0e5a63464

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/273bed5fb52396ff536194926cbe3fa0e5a63464
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to