UbuntuUpdates.org

Package "ruby-sanitize"

Name: ruby-sanitize

Description:

whitelist-based HTML sanitizer
Latest version: 6.0.0-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe
Homepage: https://github.com/rgrove/sanitize/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ruby-sanitize"

All arch deb package
APT INSTALL

Other versions of "ruby-sanitize" in Jammy

Repository Area Version
base universe 6.0.0-1
updates universe 6.0.0-1ubuntu0.1

Changelog

Version: 6.0.0-1ubuntu0.1 2024-04-24 07:06:57 UTC

  ruby-sanitize (6.0.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: XSS via noscript elements when using custom allowlist
    - debian/patches/CVE-2023-23627.patch: always remove noscript elements,
      even if they're included in the allowlist in
      lib/sanitize/transformers/clean_element.rb.
    - CVE-2023-23627
  * SECURITY UPDATE: XSS via style element when using "relaxed" or custom
    config
    - debian/patches/CVE-2023-36823.patch: prevent style element from
      premature close by escaping "</" in
      lib/sanitize/transformers/clean_css.rb.
    - CVE-2023-36823

 -- Evan Caville <email address hidden> Fri, 19 Apr 2024 12:46:55 +1000
CVE-2023-23627 Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitiz
CVE-2023-36823 Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through


About   -   Send Feedback to @ubuntu_updates