Your message dated Thu, 22 Mar 2018 13:22:09 +0000
with message-id <e1ez0at-0005b5...@fasolo.debian.org>
and subject line Bug#893596: fixed in ruby-loofah 2.2.1-1
has caused the Debian Bug report #893596,
regarding ruby-loofah: CVE-2018-8048
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
893596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-loofah
Version: 2.0.3-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/flavorjones/loofah/issues/144

Hi,

the following vulnerability was published for ruby-loofah.

CVE-2018-8048[0]:
XSS vulnerability

The issue is actually raised by an underlying issue in libxml2, but
the CVE is specifically assigned for the loofah fix.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-8048
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
[1] https://github.com/flavorjones/loofah/issues/144
[2] https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-loofah
Source-Version: 2.2.1-1

We believe that the bug you reported is fixed in the latest version of
ruby-loofah, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 893...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Georg Faerber <ge...@riseup.net> (supplier of updated ruby-loofah package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Mar 2018 23:10:40 +0100
Source: ruby-loofah
Binary: ruby-loofah
Architecture: source
Version: 2.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Georg Faerber <ge...@riseup.net>
Description:
 ruby-loofah - manipulation and transformation of HTML/XML documents and fragmen
Closes: 893596
Changes:
 ruby-loofah (2.2.1-1) unstable; urgency=medium
 .
   * New upstream release:
     - Includes fix to prevent cross-site scripting via libxml2.
       (Closes: #893596) (CVE-2018-8048)
   * debian/changelog: Remove trailing whitespace.
   * debian/compat: Bump debhelper compatibility level to 11.
   * debian/control:
     - Use salsa.debian.org in Vcs-* fields.
     - Bump Standards-Version to 4.1.3 (no changes needed).
     - Bump required debhelper version to >= 11~.
     - Add ruby-crass as (build) dependency.
     - Add myself as Uploader.
   * debian/copyright:
     - Use HTTPS in link to copyright format specification.
     - Update Debian packaging authors.
   * debian/patches: Drop obsolete patch to fix failing specs. This was
     integrated upstream.
   * debian/ruby-loofah.docs: Install upstream README.
   * debian/watch: Use version 4 and HTTPS in link to gemwatch service.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---