-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 26 Jan 2016 19:36:51 -0200 Source: ruby-rails-html-sanitizer Binary: ruby-rails-html-sanitizer Architecture: source Version: 1.0.3-1 Distribution: unstable Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Antonio Terceiro <terceiro@debian.org> Description: ruby-rails-html-sanitizer - HTML sanitization for Rails applications Closes: 812814 Changes: ruby-rails-html-sanitizer (1.0.3-1) unstable; urgency=high . * New upstream release. Contains fixes for several XSS vulnerabilities: CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 (Closes: #812814) * debian/ruby-tests.rake: re-enable test that was disabled * 0001-Skip-some-tests-under-Debian.patch: skip tests where the sanitized HTML is XSS-free but does not match the exact content expected by the upstream test suite. I suspect that is due to Nokogiri not using its own patched version of libxml2 in Debian, but can't be sure of that yet. Also, the same tests would already fail on 1.0.2 if enabled. Checksums-Sha1: f4c7470cc9b1c3d1d824d51e5bdaf954dc3db0b5 2254 ruby-rails-html-sanitizer_1.0.3-1.dsc 19cf3baa8925c5314d84c207dcc473a409fb3bae 12012 ruby-rails-html-sanitizer_1.0.3.orig.tar.gz 5620823ad032f94399a4cdfa38ab2721faacbcda 3244 ruby-rails-html-sanitizer_1.0.3-1.debian.tar.xz Checksums-Sha256: 2ef86a8ee84d0ccf7b19d524d3fea04693499b2d1b314af26a3f651954e522ee 2254 ruby-rails-html-sanitizer_1.0.3-1.dsc 5727cbb975fcf8ccf18a7dee5e3db45dfe15a416f5468009bd33252c3bf490f7 12012 ruby-rails-html-sanitizer_1.0.3.orig.tar.gz 4ab79e55188505e1ae79649678a4f508d7ab2f41c96e0c2c0df6526ef509635d 3244 ruby-rails-html-sanitizer_1.0.3-1.debian.tar.xz Files: d9e1a8212febb62d718d0b7910f02b89 2254 ruby optional ruby-rails-html-sanitizer_1.0.3-1.dsc 39f76abfdc72aeafcc3593347f1bf571 12012 ruby optional ruby-rails-html-sanitizer_1.0.3.orig.tar.gz ad1db8aa4316d19d22e51d1ac723ebf2 3244 ruby optional ruby-rails-html-sanitizer_1.0.3-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWp+ytAAoJEPwNsbvNRgvejXAQAJcTNL58wzHmzcdPkzcx0oNl DW1AvH/qgJ5OquHBHZOwX71gYMsQKUybTgKrgJOl59tNIcwTLfDFis2m1RgNoLkf 8Cnypy4XzO75bOE2s4Fjchu1kHfAVFXah2N88dtytAfT4Fk/tLqt1NRgt17+KZGP KZJLZJAb9aiv/Dtgek4ujPgYEQ/ZIifgsiG75WjP2Jc76W4Qh8bqHdvASCR2ta5h Ze4QQcllfN+3yDT4VWzukC+xS4uA3IRchDWNpzXqPKtSPnTow9zQxHrMRpOWPbtY rERgumkX/ra32FDNJUyWBJkl3Ow2MYb31L0qmTdnUX+4U8osCPCZTAX2+WPyO/IW /2UTO/tIO3+xBk8GZa5YLX+mPsWLHYUdEQo/B3R2ByTqfp0z41kiSLfD1JwDhaGw RHXKYDPDKJLcZZxDPzjMFpbxZqD8XxmUQJt1Jy0Cky57+YKP9PoZjZYyxA05YKJO C7vog7Erg7Uj/0s9hYjohy37yjSo/7zOpFE5llG4+MZRY16+x//Nqg8pxJeMRMn1 atuVMCPzsimNqq7yYrRRqiRyBlJq2/QsH9HwyxJ1mQPYdV6VB/AI2vqPxT2b5V+/ qyiA2NnmN+plLC+2GAS2tqj+Ff3Vs+sXiwmgOcRsuTQr/X/9hTfAPjSw494BckpX 0L+memNUc/CmEYjZaZnp =BQFA -----END PGP SIGNATURE-----
