Package "ruby-sanitize"

Links

Download "ruby-sanitize"

Other versions of "ruby-sanitize" in Jammy

Repository	Area	Version
base	universe	6.0.0-1
updates	universe	6.0.0-1ubuntu0.1

Changelog

Version: 6.0.0-1ubuntu0.1	2024-04-24 07:06:57 UTC
ruby-sanitize (6.0.0-1ubuntu0.1) jammy-security; urgency=medium   * SECURITY UPDATE: XSS via noscript elements when using custom allowlist     - debian/patches/CVE-2023-23627.patch: always remove noscript elements,       even if they're included in the allowlist in       lib/sanitize/transformers/clean_element.rb.     - CVE-2023-23627   * SECURITY UPDATE: XSS via style element when using "relaxed" or custom     config     - debian/patches/CVE-2023-36823.patch: prevent style element from       premature close by escaping "</" in       lib/sanitize/transformers/clean_css.rb.     - CVE-2023-36823  -- Evan Caville <email address hidden> Fri, 19 Apr 2024 12:46:55 +1000
CVE-2023-23627 Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitiz CVE-2023-36823 Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through

---

Share this page

Bookmarks

skype 4.3.0.37
virtualbox-4.3 4.3.40-110317
steam 1:1.0.0.79
google-chrome-beta 125.0.6422.26

Latest updates

  Packages changelogs
  Bugs & CVEs

proposed

ubuntustudio-installer (noble)
nautilus (noble)
openafs (noble)
nautilus (noble)
xdg-desktop-portal (noble)
tzdata (noble)
smifb2 (noble)
xdg-desktop-portal (noble)
runc-app (jammy)
runc-app (focal)
linux-restricted-signatures (mantic)
linux-restricted-modules (mantic)
tzdata (noble)
linux-signed (mantic)
linux-meta (mantic)
linux (mantic)
libjsoncpp (jammy)
multipath-tools (focal)
distro-info-data (bionic)
distro-info-data (xenial)
vim (noble)
far2l (noble)
vim (noble)
lintian (noble)
pam (noble)
vim (mantic)
vim (mantic)
lintian (mantic)
vim (jammy)

updates

php7.4 (focal)

See all

PPA updates

  PPAs

nginx-nr-agent (bionic)
handbrake (trusty)
code-insiders (stable)
google-chrome-unstable (stable)
firefox (noble)
firefox (mantic)
firefox (jammy)
firefox (focal)
firefox-trunk (noble)
virtualbox-7.0 (jammy)
virtualbox-7.0 (focal)
virtualbox-7.0 (bionic)
chromium (vera)
pgsphere (jammy-pgdg)
linux-restricted-modules (noble)
google-chrome-beta (stable)
code (stable)
firefox (vera)
nautilus (noble)
vivaldi-stable (stable)
linux-signed (noble)
signal-desktop (xenial)
signal-desktop-beta (xenial)
linux-signed-intel (noble)
linux-meta-intel (noble)
linux-generate-intel (noble)
linux-generate (noble)
linux-meta (noble)
kodi-peripheral-joystick (focal)
brave-browser (stable)

See all