UbuntuUpdates.org

Package "ruby-sanitize"

Name: ruby-sanitize

Description:

whitelist-based HTML sanitizer

Latest version: 4.6.6-2.1~0.20.04.2
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://github.com/rgrove/sanitize/

Links


Download "ruby-sanitize"


Other versions of "ruby-sanitize" in Focal

Repository Area Version
base universe 4.6.6-2
updates universe 4.6.6-2.1~0.20.04.2

Changelog

Version: 4.6.6-2.1~0.20.04.2 2024-04-24 07:06:56 UTC

  ruby-sanitize (4.6.6-2.1~0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: XSS via style element when using "relaxed" or custom
    config
    - debian/patches/CVE-2023-36823.patch: prevent style element from
      premature close by escaping "</" in
      lib/sanitize/transformers/clean_css.rb.
    - CVE-2023-36823

 -- Evan Caville <email address hidden> Fri, 19 Apr 2024 12:42:19 +1000

Source diff to previous version
CVE-2023-36823 Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through

Version: 4.6.6-2.1~0.20.04.1 2020-09-22 22:06:23 UTC

  ruby-sanitize (4.6.6-2.1~0.20.04.1) focal-security; urgency=medium

  * No change rebuild for focal.

 -- Mike Salvatore <email address hidden> Tue, 22 Sep 2020 15:39:11 -0400




About   -   Send Feedback to @ubuntu_updates