ruby-sanitize (6.0.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: XSS via noscript elements when using custom allowlist
    - debian/patches/CVE-2023-23627.patch: always remove noscript elements,
      even if they're included in the allowlist in
      lib/sanitize/transformers/clean_element.rb.
    - CVE-2023-23627
  * SECURITY UPDATE: XSS via style element when using "relaxed" or custom
    config
    - debian/patches/CVE-2023-36823.patch: prevent style element from
      premature close by escaping "</" in
      lib/sanitize/transformers/clean_css.rb.
    - CVE-2023-36823

 -- Evan Caville <email address hidden>  Fri, 19 Apr 2024 12:46:55 +1000
-
ruby-sanitize (6.0.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 6.0.0
  * Do not depend on ruby-nokogumbo
  * Update years of upstream copyright
  * Update ruby-nokogiri version constraint

 -- Lucas Kanashiro <email address hidden>  Thu, 27 Jan 2022 16:56:32 -0300
-
ruby-sanitize (5.2.3-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
    - Fixes issue when using keyword arguments (closes: #996381).
  * d/control: Add Rules-Requires-Root field.
    (Standards-Version): Bump to 4.6.0.
    (Build-Depends): Bump ruby-nokogiri version. Bump ruby-nokogumbo to
      Ruby 3.0 compatible version (causing #996381 as well).
    (Depends): Remove interpreters and use ${ruby:Depends}.
  * d/copyright (Copyright): Update and add team.
  * d/rules: Install upstream changelog.
  * d/upstream/metadata: Add missing fields.

 -- Daniel Leidert <email address hidden>  Wed, 24 Nov 2021 00:34:42 +0100
-
ruby-sanitize (5.2.1-2) unstable; urgency=medium

  * Team upload
  * Reupload to unstable
  * Add Breaks: ruby-gollum-lib (<< 4.2.7.9-2~)

 -- Pirate Praveen <email address hidden>  Tue, 01 Dec 2020 20:05:08 +0530