[Git][security-tracker-team/security-tracker][master] 2 commits: Reference fix for CVE-2018-16468/ruby-loofah

Sun Dec 30 07:48:46 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
646c46ca by Salvatore Bonaccorso at 2018-12-30T07:47:34Z
Reference fix for CVE-2018-16468/ruby-loofah

- - - - -
589c5043 by Salvatore Bonaccorso at 2018-12-30T07:48:08Z
CVE-2018-16468/ruby-loofah fixed in unstable via new upstream version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17336,8 +17336,9 @@ CVE-2018-16470 (There is a possible DoS vulnerability in the multipart parser in
 CVE-2018-16469 (The merge.recursive function in the merge package v <1.2 can be ...)
 	NOT-FOR-US: merge package v
 CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ...)
-	- ruby-loofah <unfixed> (bug #912398)
+	- ruby-loofah 2.2.3-1 (bug #912398)
 	NOTE: https://github.com/flavorjones/loofah/issues/154
+	NOTE: https://github.com/flavorjones/loofah/commit/71e4b5434fbcb2ad87643f0c9fecfc3a847943c4 (v2.2.3)
 CVE-2018-16467 (A missing check in Nextcloud Server prior to 14.0.0 could give ...)
 	- nextcloud <itp> (bug #835086)
 CVE-2018-16466 (Improper revalidation of permissions in Nextcloud Server prior to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/73460bb10a96a0636c01e464e0d8325472ff11fa...589c504326daf6c227a6b678ae493e665ff2e24e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/73460bb10a96a0636c01e464e0d8325472ff11fa...589c504326daf6c227a6b678ae493e665ff2e24e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181230/a256a230/attachment.html>
