[Git][security-tracker-team/security-tracker][master] Reserve DLA-3565-1 for ruby-loofah

Wed Sep 13 15:31:36 BST 2023


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81bdd03c by Sylvain Beucler at 2023-09-13T16:31:15+02:00
Reserve DLA-3565-1 for ruby-loofah

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -119870,7 +119870,6 @@ CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragment
 CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	- ruby-loofah 2.19.1-1 (bug #1026083)
 	[bullseye] - ruby-loofah <no-dsa> (Minor issue)
-	[buster] - ruby-loofah <no-dsa> (Minor issue)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
 	NOTE: https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040
 CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...)
@@ -119881,7 +119880,6 @@ CVE-2022-23515 (Loofah is a general library for manipulating and transforming HT
 CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	- ruby-loofah 2.19.1-1 (bug #1026083)
 	[bullseye] - ruby-loofah <no-dsa> (Minor issue)
-	[buster] - ruby-loofah <no-dsa> (Minor issue)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
 	NOTE: https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143
 CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Sep 2023] DLA-3565-1 ruby-loofah - security update
+	{CVE-2022-23514 CVE-2022-23515 CVE-2022-23516}
+	[buster] - ruby-loofah 2.2.3-1+deb10u2
 [12 Sep 2023] DLA-3564-1 e2guardian - security update
 	{CVE-2021-44273}
 	[buster] - e2guardian 5.3.1-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -196,13 +196,6 @@ rails
 ring
   NOTE: 20230903: Added by Front-Desk (gladk)
 --
-ruby-loofah (Sylvain Beucler)
-  NOTE: 20221231: Added by Front-Desk (ola)
-  NOTE: 20230313: Pinged Daniel re. patches in repo ^. (lamby)
-  NOTE: 20230403: See "RFC: ruby-loofah 2.2.3-1+deb10u2" thread on debian-lts list. (lamby)
-  NOTE: 20230403: Everything ready in git, just waiting for ruby-rails-html-sanitizer/utkarsh (dleidert/inactive)
-  NOTE: 20230808: utkarsh mentions on IRC he's busy with other packages, this is "free to claim atm". (Beuc/front-desk)
---
 ruby-rails-html-sanitizer (Sylvain Beucler)
   NOTE: 20221231: Added by Front-Desk (ola)
   NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with appropriate methods. (utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bdd03c3f7b9030c12f516a656c43d983daec28

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bdd03c3f7b9030c12f516a656c43d983daec28
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230913/d77f50ea/attachment-0001.htm>
