Hi Kasper,
We would like to fix CVE-2018-8048, which was assigned some days ago, to
loofah. A fix was released to address a potential XSS vulnerability
caused by libxml2. See [1] and below:
On 18-03-22 01:04:23, Cédric Boutillier wrote:
> On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wr
Hi,
On 18-03-20 11:25:12, Cédric Boutillier wrote:
> I added simple scripts in the meta repo, which automate boring tasks:
Nice! :)
> standards-version:
> update Standards-Version to the latest policy version
This breaks if the file is not available. I'll add a check to catch
this.
> If you
* Georg Faerber [180322 01:29]:
> On 18-03-22 01:04:23, Cédric Boutillier wrote:
> > Can you also take care of applying the patch to the version currently
> > in stable and contact the security team for a proposed update for
> > stretch?
>
> Actually, aren't proposed uploads targeted at point rel
On 18-03-22 01:04:23, Cédric Boutillier wrote:
> Can you also take care of applying the patch to the version currently
> in stable and contact the security team for a proposed update for
> stretch?
Actually, aren't proposed uploads targeted at point releases? If so,
this might take a while, as the
Hi,
On 18-03-22 01:04:23, Cédric Boutillier wrote:
> On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote:
> > Please review / upload ruby-loofah 2.2.1-1, which fixes
> > CVE-2018-8048. Changes pushed to git in branch d/2.2.1-1.
>
> Can you add a short description for the CVE in the chan
Hi,
On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote:
> Hi all,
> Please review / upload ruby-loofah 2.2.1-1, which fixes CVE-2018-8048.
> Changes pushed to git in branch d/2.2.1-1.
Can you add a short description for the CVE in the changelog (like
'prevents cross-site scripting')?
On 18-03-21 23:34:50, Cédric Boutillier wrote:
> On Wed, Mar 21, 2018 at 11:29:33PM +0300, Hleb Valoshka wrote:
> > On 3/21/18, Cédric Boutillier wrote:
>
> > > Is it "normal" that ruby-gettext-setup tests fail with the new
> > > ruby-gettext? They seem to pass with the current version on
> > > c
Hi all,
Please review / upload ruby-loofah 2.2.1-1, which fixes CVE-2018-8048.
Changes pushed to git in branch d/2.2.1-1.
Thanks,
cheers,
Georg
signature.asc
Description: Digital signature
On Wed, Mar 21, 2018 at 11:29:33PM +0300, Hleb Valoshka wrote:
> On 3/21/18, Cédric Boutillier wrote:
> > Is it "normal" that ruby-gettext-setup tests fail with the new
> > ruby-gettext? They seem to pass with the current version on
> > ci.debian.net.
> I've checked ruby-gettext-setup and can sa
On 3/21/18, Cédric Boutillier wrote:
> Is it "normal" that ruby-gettext-setup tests fail with the new
> ruby-gettext? They seem to pass with the current version on
> ci.debian.net.
I've checked ruby-gettext-setup and can say that it doesn't actually
use anything from gettext gem, only from fast-
ruby-kgio uploaded.
signature.asc
Description: PGP signature
11 matches
Mail list logo