[DRE-maint] Bug#893596: ruby-loofah: CVE-2018-8048
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 20 09:14:22 UTC 2018
Source: ruby-loofah
Version: 2.0.3-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/flavorjones/loofah/issues/144
Hi,

the following vulnerability was published for ruby-loofah.

CVE-2018-8048[0]:
XSS vulnerability

The issue is actually raised by an underlying issue in libxml2, but
the CVE is specifically assigned for the loofah fix.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-8048
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
[1] https://github.com/flavorjones/loofah/issues/144
[2] https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7
Regards,
Salvatore