UbuntuUpdates.org

Package "ruby-redcloth"

Name: ruby-redcloth

Description:

Textile module for Ruby

Latest version: 4.3.2-4ubuntu0.22.04.1
Release: jammy (22.04)
Level: updates
Repository: universe
Homepage: https://github.com/jgarber/redcloth

Other versions of "ruby-redcloth" in Jammy

Repository  Area      Version
base        universe  4.3.2-4
security    universe  4.3.2-4ubuntu0.22.04.1

Changelog

Version: 4.3.2-4ubuntu0.22.04.1 2023-09-13 04:07:34 UTC

  ruby-redcloth (4.3.2-4ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service issue from use regular expression
    during html sanitisation
    - debian/patches/CVE-2023-31606.patch: regular expression updated to use
      possessive quantifier.
    - CVE-2023-31606

 -- Evan Caville <email address hidden> Mon, 11 Sep 2023 12:33:24 +1000

CVE-2023-31606: A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows a


