-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4554-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ruby-loofah CVE ID : CVE-2019-15587 Debian Bug : 942894 It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, was susceptible to cross-site scripting. For the oldstable distribution (stretch), this problem has been fixed in version 2.0.3-2+deb9u3. For the stable distribution (buster), this problem has been fixed in version 2.2.3-1+deb10u1. We recommend that you upgrade your ruby-loofah packages. For the detailed security status of ruby-loofah please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-loofah Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl23XXAACgkQEMKTtsN8 TjYCaBAAqyjSM7fUNR78VACNlJVYMhFSv2BVc+0kMvrg7EtZbm6NZbnTmEk8Fikt M2BTFsN0vj/A9I7rwK1OfPqh3+PmPareg/zxFwv4FM5Mtb0rN0HfbMVuD0rBacv6 kfGzvtjoGDnRQg7tpfKdmxCXiLynW2b1x8fZaNKbjAyAdBlJW5zG7t9NB1IsbzX1 GE0GF5krsrZphEtCPlEjy3N2szMvDLtos6Opfvqc7YmvVl95FXKk/mfFQE5Nof7Y hdF65ogmq4a9gHpA+zg+VLtY42W0Sxokg7Z+rr6Mg3j6R+lEPokTbz0M/VdVVsqv 4hH12aS8h9TDPaQr0pbSOc3X8cWSC+QUB4+6RYmG+YjTGKfXcKbmqutDkLFdfYhn 64NdQMhHlVF95iGMVtmkRbuZyj/IsX8M0R3vHYxqwTAxQKtOkGxlxTgn1yQNwfhe div3USFxCoCxMbG/XMyR3Dxc131H/h/Y+hps9UJXi9v7oshtzovkLGcsB8E1uoQd Th3iPwCXlPQZg3BkwTBFifTGGdbF146aYGFj2waRdhLXuKMVgtJpO2FeK7fsPMe4 KfYjmdfp2BUwB7uvx2PlnVgMIMyVsxC97CUM0qkoQnDC+jDGuE3WI7dW0IAmuZnQ PNso9klwB8VWzEPLCvWcyz+ukqhw8r6nQP41jcZHylfq15kH18s= =YW4u -----END PGP SIGNATURE-----