Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-04-11 Thread Cédric Boutillier
Hi, On Mon, Apr 09, 2018 at 01:12:46AM +0200, Georg Faerber wrote: > @Ruby team: Gentle ping; could someone please take care of the upload? Package finally uploaded to security master. Thanks for your work on this. Cédric signature.asc Description: PGP signature

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-04-08 Thread Georg Faerber
Hi, @Ruby team: Gentle ping; could someone please take care of the upload? Thanks, cheers, Georg On 18-04-03 12:05:28, Georg Faerber wrote: > On 18-04-03 11:53:08, Salvatore Bonaccorso wrote: > > On Sun, Mar 25, 2018 at 07:10:40PM +0200, Georg Faerber wrote: > > > On 18-03-22 17:23:48, Moritz

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-04-03 Thread Georg Faerber
Hi all, On 18-04-03 11:53:08, Salvatore Bonaccorso wrote: > On Sun, Mar 25, 2018 at 07:10:40PM +0200, Georg Faerber wrote: > > On 18-03-22 17:23:48, Moritz Muehlenhoff wrote: > > > On Thu, Mar 22, 2018 at 05:21:15PM +0100, Georg Faerber wrote: > > > > I would like to fix CVE-2018-8048, which is

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-04-03 Thread Salvatore Bonaccorso
Hi Georg On Sun, Mar 25, 2018 at 07:10:40PM +0200, Georg Faerber wrote: > Hi security team, > > On 18-03-22 17:23:48, Moritz Muehlenhoff wrote: > > On Thu, Mar 22, 2018 at 05:21:15PM +0100, Georg Faerber wrote: > > > I would like to fix CVE-2018-8048, which is currently present in > > >

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-03-31 Thread Georg Faerber
Hi security team, Friendly ping on this? Did you had a chance to do a review? Anything I could do to fix ruby-loofah in stretch? Thanks for your work, cheers, Georg On 18-03-25 19:10:40, Georg Faerber wrote: > On 18-03-22 17:23:48, Moritz Muehlenhoff wrote: > > On Thu, Mar 22, 2018 at

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-03-25 Thread Georg Faerber
Hi security team, On 18-03-22 17:23:48, Moritz Muehlenhoff wrote: > On Thu, Mar 22, 2018 at 05:21:15PM +0100, Georg Faerber wrote: > > I would like to fix CVE-2018-8048, which is currently present in > > ruby-loofah 2.0.3-2 in stretch. Do you prefer an "straight" upload > > done by you, or should

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-03-25 Thread Cédric Boutillier
Hi! On Sat, Mar 24, 2018 at 04:41:17PM +0100, Georg Faerber wrote: > Some notes (doing this for the first time..): > > - AFAIK, the delta should be kept as small as possible, that's why I > didn't added a description for the patch. It is better to add DEP-3 header anyway. The size of the

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-03-24 Thread Georg Faerber
On 18-03-24 16:41:17, Georg Faerber wrote: > --- ruby-loofah-2.0.3/debian/changelog2016-01-07 14:22:29.0 > +0100 > +++ ruby-loofah-2.0.3/debian/changelog2018-03-24 16:13:55.0 > +0100 > @@ -1,3 +1,10 @@ > +ruby-loofah (2.0.3-2+deb9u1) stretch-security; urgency=high

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-03-24 Thread Georg Faerber
Hi all, On 18-03-22 17:21:15, Georg Faerber wrote: > I would like to fix CVE-2018-8048, which is currently present in > ruby-loofah 2.0.3-2 in stretch. Do you prefer an "straight" upload done > by you, or should this be instead an upload via stretch-pu? > > In any case, I'll prepare a patch.

Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)

2018-03-22 Thread Moritz Muehlenhoff
On Thu, Mar 22, 2018 at 05:21:15PM +0100, Georg Faerber wrote: > Dear security team, > > I would like to fix CVE-2018-8048, which is currently present in > ruby-loofah 2.0.3-2 in stretch. Do you prefer an "straight" upload done > by you, or should this be instead an upload via stretch-pu? > > In