Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2023-01-15 20:57:02 by Benny Siegert | Files touched by this commit (2) | |
Log message:
Pullup ticket #6722 - requested by taca
www/ruby-rails-html-sanitizer: security fix
Revisions pulled up:
- www/ruby-rails-html-sanitizer/Makefile 1.6
- www/ruby-rails-html-sanitizer/distinfo 1.8
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jan 3 15:19:14 UTC 2023
Modified Files:
pkgsrc/www/ruby-rails-html-sanitizer: Makefile distinfo
Log message:
www/ruby-rails-html-sanitizer: update to 1.4.4
1.4.4 (2022-12-13)
* Address inefficient regular expression complexity with certain
configurations of Rails::Html::Sanitizer.
Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for more information.
Mike Dalessio
* Address improper sanitization of data URIs.
Fixes CVE-2022-23518 and #135. See GHSA-mcvf-2q2m-x72m for more information.
Mike Dalessio
* Address possible XSS vulnerability with certain configurations of
Rails::Html::Sanitizer.
Fixes CVE-2022-23520. See GHSA-rrfc-7g8p-99q8 for more information.
Mike Dalessio
* Address possible XSS vulnerability with certain configurations of
Rails::Html::Sanitizer.
Fixes CVE-2022-23519. See GHSA-9h9g-93gc-623h for more information.
Mike Dalessio
|
Next | Query returned 1 messages, browsing 1 to 10 | previous