Publishing details

Published on 2024-04-24
Copied from ubuntu mantic in PPA for Ubuntu Security Proposed by Evan Caville

Changelog

ruby-sanitize (6.0.0-1.1ubuntu0.23.10.1) mantic-security; urgency=medium

  * SECURITY UPDATE: XSS via style element when using "relaxed" or custom
    config
    - debian/patches/CVE-2023-36823.patch: prevent style element from
      premature close by escaping "</" in
      lib/sanitize/transformers/clean_css.rb.
    - CVE-2023-36823

 -- Evan Caville <email address hidden>  Fri, 19 Apr 2024 12:30:54 +1000

Available diffs

diff from 6.0.0-1.1 (in Debian) to 6.0.0-1.1ubuntu0.23.10.1 (1.5 KiB)

Builds

amd64

Built packages

ruby-sanitize whitelist-based HTML sanitizer

Package files

ruby-sanitize_6.0.0-1.1ubuntu0.23.10.1.debian.tar.xz (17.6 KiB)
ruby-sanitize_6.0.0-1.1ubuntu0.23.10.1.dsc (2.2 KiB)
ruby-sanitize_6.0.0-1.1ubuntu0.23.10.1_all.deb (25.2 KiB)
ruby-sanitize_6.0.0.orig.tar.gz (41.8 KiB)