File: changelog

ruby-rails-html-sanitizer 1.0.3-2
  • area: main
  • in suites: stretch
  • size: 148 kB
  • ctags: 288
  • sloc: ruby: 822; makefile: 4
ruby-rails-html-sanitizer (1.0.3-2) unstable; urgency=medium

  * Team upload.

  [ Cédric Boutillier ]
  * Bump debhelper compatibility level to 9
  * Use https:// in Vcs-* fields
  * Bump Standards-Version to 3.9.7 (no changes needed)

  [ Christian Hofstaedtler ]
  * Drop ruby-rails from Depends, as no lib code actually loads rails;
    makes the dependency cycle a little less bad.

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 05 Mar 2016 04:24:42 +0100

ruby-rails-html-sanitizer (1.0.3-1) unstable; urgency=high

  * New upstream release. Contains fixes for several XSS vulnerabilities:
    CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 (Closes: #812814)
  * debian/ruby-tests.rake: re-enable test that was disabled
  * 0001-Skip-some-tests-under-Debian.patch: skip tests where the sanitized
    HTML is XSS-free but does not match the exact content expected by the
    upstream test suite. I suspect that is due to Nokogiri not using its own
    patched version of libxml2 in Debian, but can't be sure of that yet.
    Also, the same tests would already fail on 1.0.2 if enabled.

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 26 Jan 2016 19:36:51 -0200

ruby-rails-html-sanitizer (1.0.2-1) unstable; urgency=medium

  * Initial release (Closes: #784326)
  * Disabled a test as it required gems which have Rails > 4.2.0 in its
    dependency chain

 -- Balasankar C <balasankarc@autistici.org>  Tue, 05 May 2015 13:07:22 +0530