Your message dated Mon, 16 Apr 2018 19:02:41 +0000
with message-id <e1f89oj-0007d4...@fasolo.debian.org>
and subject line Bug#893596: fixed in ruby-loofah 2.0.3-2+deb9u1
has caused the Debian Bug report #893596,
regarding ruby-loofah: CVE-2018-8048
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
893596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-loofah
Version: 2.0.3-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/flavorjones/loofah/issues/144

Hi,

the following vulnerability was published for ruby-loofah.

CVE-2018-8048[0]:
XSS vulnerability

The issue is actually raised by an underlying issue in libxml2, but
the CVE is specifically assigned for the loofah fix.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-8048
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
[1] https://github.com/flavorjones/loofah/issues/144
[2] https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-loofah
Source-Version: 2.0.3-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-loofah, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 893...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Georg Faerber <ge...@riseup.net> (supplier of updated ruby-loofah package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Mar 2018 16:13:55 +0100
Source: ruby-loofah
Binary: ruby-loofah
Architecture: source all
Version: 2.0.3-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Georg Faerber <ge...@riseup.net>
Description:
 ruby-loofah - manipulation and transformation of HTML/XML documents and fragmen
Closes: 893596
Changes:
 ruby-loofah (2.0.3-2+deb9u1) stretch-security; urgency=high
 .
   * Introduce upstream patch to address a potential cross-site scripting
     vulnerability caused by libxml2 >= 2.9.2. (Closes: #893596)
     (CVE-2018-8048)


--- End Message ---
