-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Sep 2023 14:29:39 +0200
Source: ruby-loofah
Architecture: source
Version: 2.2.3-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 1026083
Changes:
 ruby-loofah (2.2.3-1+deb10u2) buster-security; urgency=high
 .
   [ Sylvain Beucler ]
   * Non-maintainer upload by the LTS Security Team. (Closes: #1026083)
   * Backport: extract 'scrub_uri_attribute' for downstream use (typically ruby-rails-html-sanitizer, cf. CVE 2022-23515/CVE 2022-23518).
 .
   [ Daniel Leidert ]
   * d/patches/CVE-2022-23514.patch: Add patch (Fixes: CVE-2022-23514).
     - Backport patch by upstream to replace slow regex attribute check.
   * d/patches/CVE-2022-23515.patch: Add patch (Fixes: CVE-2022-23515).
     - Backport patch to fix possible XSS via image/svg+xml in data URIs.
   * d/patches/CVE-2022-23516.patch: Add patch (Fixes: CVE-2022-23516).
     - Backport patch to fix uncontrolled recursion.
   * d/patches/series: Enable new patch(es).