rails-html-sanitizer 1.0.3: Two broken tests with loofah 2.2.1 (CVE-2018-8048)

2018-03-21 Thread Georg Faerber
Hi Kasper, We would like to fix CVE-2018-8048, which was assigned some days ago, to loofah. A fix was released to address a potential XSS vulnerability caused by libxml2. See [1] and below: On 18-03-22 01:04:23, Cédric Boutillier wrote: > On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber

Re: simple helper scripts: vcs-salsa, standards-version, debhelper-compat

2018-03-21 Thread Georg Faerber
Hi, On 18-03-20 11:25:12, Cédric Boutillier wrote: > I added simple scripts in the meta repo, which automate boring tasks: Nice! :) > standards-version: > update Standards-Version to the latest policy version This breaks if the file is not available. I'll add a check to catch this. > If you

Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)

2018-03-21 Thread Chris Hofstaedtler
* Georg Faerber [180322 01:29]: > On 18-03-22 01:04:23, Cédric Boutillier wrote: > > Can you also take care of applying the patch to the version currently > > in stable and contact the security team for a proposed update for > > stretch? > > Actually, aren't proposed uploads

Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)

2018-03-21 Thread Georg Faerber
On 18-03-22 01:04:23, Cédric Boutillier wrote: > Can you also take care of applying the patch to the version currently > in stable and contact the security team for a proposed update for > stretch? Actually, aren't proposed uploads targeted at point releases? If so, this might take a while, as

Re: RFS: ruby-tzinfo, ruby-gettext, ruby-kgio, ruby-solve

2018-03-21 Thread Georg Faerber
On 18-03-21 23:34:50, Cédric Boutillier wrote: > On Wed, Mar 21, 2018 at 11:29:33PM +0300, Hleb Valoshka wrote: > > On 3/21/18, Cédric Boutillier wrote: > > > > Is it "normal" that ruby-gettext-setup tests fail with the new > > > ruby-gettext? They seem to pass with the

RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)

2018-03-21 Thread Georg Faerber
Hi all, Please review / upload ruby-loofah 2.2.1-1, which fixes CVE-2018-8048. Changes pushed to git in branch d/2.2.1-1. Thanks, cheers, Georg

Re: RFS: ruby-tzinfo, ruby-gettext, ruby-kgio, ruby-solve

2018-03-21 Thread Cédric Boutillier
On Wed, Mar 21, 2018 at 11:29:33PM +0300, Hleb Valoshka wrote: > On 3/21/18, Cédric Boutillier wrote: > > Is it "normal" that ruby-gettext-setup tests fail with the new > > ruby-gettext? They seem to pass with the current version on > > ci.debian.net. > I've checked

Re: RFS: ruby-tzinfo, ruby-gettext, ruby-kgio, ruby-solve

2018-03-21 Thread Hleb Valoshka
On 3/21/18, Cédric Boutillier wrote: > Is it "normal" that ruby-gettext-setup tests fail with the new > ruby-gettext? They seem to pass with the current version on > ci.debian.net. I've checked ruby-gettext-setup and can say that it doesn't actually use anything from gettext

Re: RFS: ruby-tzinfo, ruby-gettext, ruby-kgio, ruby-solve

2018-03-21 Thread Cédric Boutillier
ruby-kgio uploaded.