Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
81bdd03c by Sylvain Beucler at 2023-09-13T16:31:15+02:00
Reserve DLA-3565-1 for ruby-loofah
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -119870,7 +119870,6 @@ CVE-2022-23517 (rails-html-sanitizer is responsible
for sanitizing HTML fragment
CVE-2022-23516 (Loofah is a general library for manipulating and transforming
HTML/XML ...)
- ruby-loofah 2.19.1-1 (bug #1026083)
[bullseye] - ruby-loofah <no-dsa> (Minor issue)
- [buster] - ruby-loofah <no-dsa> (Minor issue)
NOTE:
https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
NOTE:
https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040
CVE-2022-23515 (Loofah is a general library for manipulating and transforming
HTML/XML ...)
@@ -119881,7 +119880,6 @@ CVE-2022-23515 (Loofah is a general library for
manipulating and transforming HT
CVE-2022-23514 (Loofah is a general library for manipulating and transforming
HTML/XML ...)
- ruby-loofah 2.19.1-1 (bug #1026083)
[bullseye] - ruby-loofah <no-dsa> (Minor issue)
- [buster] - ruby-loofah <no-dsa> (Minor issue)
NOTE:
https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
NOTE:
https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143
CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux
hardware, Adm ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Sep 2023] DLA-3565-1 ruby-loofah - security update
+ {CVE-2022-23514 CVE-2022-23515 CVE-2022-23516}
+ [buster] - ruby-loofah 2.2.3-1+deb10u2
[12 Sep 2023] DLA-3564-1 e2guardian - security update
{CVE-2021-44273}
[buster] - e2guardian 5.3.1-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -196,13 +196,6 @@ rails
ring
NOTE: 20230903: Added by Front-Desk (gladk)
--
-ruby-loofah (Sylvain Beucler)
- NOTE: 20221231: Added by Front-Desk (ola)
- NOTE: 20230313: Pinged Daniel re. patches in repo ^. (lamby)
- NOTE: 20230403: See "RFC: ruby-loofah 2.2.3-1+deb10u2" thread on debian-lts
list. (lamby)
- NOTE: 20230403: Everything ready in git, just waiting for
ruby-rails-html-sanitizer/utkarsh (dleidert/inactive)
- NOTE: 20230808: utkarsh mentions on IRC he's busy with other packages, this
is "free to claim atm". (Beuc/front-desk)
---
ruby-rails-html-sanitizer (Sylvain Beucler)
NOTE: 20221231: Added by Front-Desk (ola)
NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with
appropriate methods. (utkarsh)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bdd03c3f7b9030c12f516a656c43d983daec28
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bdd03c3f7b9030c12f516a656c43d983daec28
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
