Subject: CVS commit: pkgsrc/www/ruby-rails-html-sanitizer
From: Takahiro Kambe
Date: 2023-01-03 16:19:14
Message id: 20230103151914.224DFFA90@cvs.NetBSD.org
Log Message:
www/ruby-rails-html-sanitizer: update to 1.4.4

1.4.4 (2022-12-13)

* Address inefficient regular expression complexity with certain
  configurations of Rails::Html::Sanitizer.
  Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for more information.
  Mike Dalessio

* Address improper sanitization of data URIs.
  Fixes CVE-2022-23518 and #135. See GHSA-mcvf-2q2m-x72m for more information.
  Mike Dalessio

* Address possible XSS vulnerability with certain configurations of
  Rails::Html::Sanitizer.
  Fixes CVE-2022-23520. See GHSA-rrfc-7g8p-99q8 for more information.
  Mike Dalessio

* Address possible XSS vulnerability with certain configurations of
  Rails::Html::Sanitizer.
  Fixes CVE-2022-23519. See GHSA-9h9g-93gc-623h for more information.
  Mike Dalessio

Files: