Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 81bdd03c by Sylvain Beucler at 2023-09-13T16:31:15+02:00 Reserve DLA-3565-1 for ruby-loofah - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -119870,7 +119870,6 @@ CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragment CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...) - ruby-loofah 2.19.1-1 (bug #1026083) [bullseye] - ruby-loofah <no-dsa> (Minor issue) - [buster] - ruby-loofah <no-dsa> (Minor issue) NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm NOTE: https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040 CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...) @@ -119881,7 +119880,6 @@ CVE-2022-23515 (Loofah is a general library for manipulating and transforming HT CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...) - ruby-loofah 2.19.1-1 (bug #1026083) [bullseye] - ruby-loofah <no-dsa> (Minor issue) - [buster] - ruby-loofah <no-dsa> (Minor issue) NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh NOTE: https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143 CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[13 Sep 2023] DLA-3565-1 ruby-loofah - security update + {CVE-2022-23514 CVE-2022-23515 CVE-2022-23516} + [buster] - ruby-loofah 2.2.3-1+deb10u2 [12 Sep 2023] DLA-3564-1 e2guardian - security update {CVE-2021-44273} [buster] - e2guardian 5.3.1-1+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -196,13 +196,6 @@ rails ring NOTE: 20230903: Added by Front-Desk (gladk) -- -ruby-loofah (Sylvain Beucler) - NOTE: 20221231: Added by Front-Desk (ola) - NOTE: 20230313: Pinged Daniel re. patches in repo ^. (lamby) - NOTE: 20230403: See "RFC: ruby-loofah 2.2.3-1+deb10u2" thread on debian-lts list. (lamby) - NOTE: 20230403: Everything ready in git, just waiting for ruby-rails-html-sanitizer/utkarsh (dleidert/inactive) - NOTE: 20230808: utkarsh mentions on IRC he's busy with other packages, this is "free to claim atm". (Beuc/front-desk) --- ruby-rails-html-sanitizer (Sylvain Beucler) NOTE: 20221231: Added by Front-Desk (ola) NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with appropriate methods. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bdd03c3f7b9030c12f516a656c43d983daec28 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bdd03c3f7b9030c12f516a656c43d983daec28 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits