Your message dated Wed, 13 Jun 2018 11:37:11 +0000
with message-id <e1ft45p-000ish...@fasolo.debian.org>
and subject line Bug#893610: fixed in ruby-sanitize 4.6.5-1
has caused the Debian Bug report #893610,
regarding ruby-sanitize: CVE-2018-3740
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
893610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-sanitize
Version: 2.1.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/rgrove/sanitize/issues/176

Hi,

the following vulnerability was published for ruby-sanitize.

CVE-2018-3740[0]:
Sanitize HTML injection vulnerability

Code has changed quite a bit (e.g. 'clean' -> 'fragment' method change
in v3.0.0, but the underlying issue seems present in the 2.1.0-based
version as well afaics).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-3740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3740
[1] https://github.com/rgrove/sanitize/issues/176
[2] https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-sanitize
Source-Version: 4.6.5-1

We believe that the bug you reported is fixed in the latest version of
ruby-sanitize, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 893...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated ruby-sanitize package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Wed, 13 Jun 2018 16:27:12 +0530
Source: ruby-sanitize
Binary: ruby-sanitize
Architecture: source
Version: 4.6.5-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
 ruby-sanitize - whitelist-based HTML sanitizer
Closes: 893610
Changes:
 ruby-sanitize (4.6.5-1) experimental; urgency=medium
 .
   * Team upload
 .
   [ Cédric Boutillier ]
   * Remove version in the gem2deb build-dependency
   * Use https:// in Vcs-* fields
   * Use https:// in Vcs-* fields
 .
   [ Pirate Praveen ]
   * New upstream version 4.6.5 (Closes: #893610) (Fixes: CVE-2018-3740)
   * Bump Standards-Version to 4.1.4 (no changes needed)
   * Bump debhelper compatibility level to 11
   * Use salsa.debian.org in Vcs-* fields
   * Update gemwatch url
   * Update dependencies, add Testsuite field
   * Check dependencies during build

--- End Message ---