[Git][security-tracker-team/security-tracker][master] Reserve DLA-3901-1 for ruby-loofah

Sat Sep 28 21:04:25 BST 2024


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05674526 by Adrian Bunk at 2024-09-28T23:04:12+03:00
Reserve DLA-3901-1 for ruby-loofah

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -213135,19 +213135,16 @@ CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragment
 CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	{DLA-3565-1}
 	- ruby-loofah 2.19.1-1 (bug #1026083)
-	[bullseye] - ruby-loofah <no-dsa> (Minor issue)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
 	NOTE: https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040
 CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	{DLA-3565-1}
 	- ruby-loofah 2.19.1-1 (bug #1026083)
-	[bullseye] - ruby-loofah <no-dsa> (Minor issue)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
 	NOTE: https://github.com/flavorjones/loofah/commit/415677f3cf7f9254f42f811e784985cd63c7407f
 CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	{DLA-3565-1}
 	- ruby-loofah 2.19.1-1 (bug #1026083)
-	[bullseye] - ruby-loofah <no-dsa> (Minor issue)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
 	NOTE: https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143
 CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Sep 2024] DLA-3901-1 ruby-loofah - security update
+	{CVE-2022-23514 CVE-2022-23515 CVE-2022-23516}
+	[bullseye] - ruby-loofah 2.7.0+dfsg-1+deb11u1
 [28 Sep 2024] DLA-3900-1 ruby-httparty - security update
 	{CVE-2024-22049}
 	[bullseye] - ruby-httparty 0.18.1-2+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -186,9 +186,6 @@ qemu (Adrian Bunk)
   NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2024-3446,CVE-2024-3447)
   NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
 --
-ruby-loofah (Adrian Bunk)
-  NOTE: 20240928: Required for fixing ruby-rails-html-sanitizer. (bunk)
---
 ruby-rails-html-sanitizer (Adrian Bunk)
   NOTE: 20230901: Added by oldstable Security Team (jmm)
   NOTE: 20240815: Follow fixes from DLA-3566-1 and DLA-3227-1 (5 CVEs) (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0567452695d6f365ac78b645500eacde20041f60

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0567452695d6f365ac78b645500eacde20041f60
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240928/db9f7157/attachment.htm>
