Your message dated Sun, 30 Dec 2018 07:04:04 +0000
with message-id <[email protected]>
and subject line Bug#912398: fixed in ruby-loofah 2.2.3-1
has caused the Debian Bug report #912398,
regarding ruby-loofah: CVE-2018-16468
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
912398: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912398
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-loofah
Version: 2.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/flavorjones/loofah/issues/154

Hi,

The following vulnerability was published for ruby-loofah.

CVE-2018-16468[0]:
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may
| occur in sanitized output when a crafted SVG element is republished.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16468
[1] https://github.com/flavorjones/loofah/issues/154

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-loofah
Source-Version: 2.2.3-1

We believe that the bug you reported is fixed in the latest version of
ruby-loofah, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hideki Yamane <[email protected]> (supplier of updated ruby-loofah package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Dec 2018 15:46:23 +0900
Source: ruby-loofah
Binary: ruby-loofah
Architecture: source
Version: 2.2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Hideki Yamane <[email protected]>
Description:
 ruby-loofah - manipulation and transformation of HTML/XML documents and fragmen
Closes: 912398
Changes:
 ruby-loofah (2.2.3-1) unstable; urgency=medium
 .
   * Team upload
 .
   * New upstream version 2.2.3 (Closes: #912398) (CVE-2018-16468)
   * debian/watch
     - update to use gemwatch.debian.net
   * debian/control
     - set Standards-Version: 4.3.0
     - use dh12
   * debian/compat
     - drop it

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
