Subject: CVS commit: pkgsrc/textproc/ruby-sanitize
From: Takahiro Kambe
Date: 2023-07-09 04:56:28
Message id: 20230709025628.58AA4FBDB@cvs.NetBSD.org

Log Message:
textproc/ruby-sanitize: update to 6.0.2

6.0.2 (2023-07-06)

Bug Fixes

* CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS
  (cross-site scripting). This issue affects Sanitize versions 3.0.0 through
  6.0.1.

  When using Sanitize's relaxed config or a custom config that allows
  <style> elements and one or more CSS at-rules, carefully crafted input
  could be used to sneak arbitrary HTML through Sanitize.

  See the following security advisory for additional details:
  GHSA-f5ww-cq3m-q3g7

  Thanks to @cure53 for finding this issue.

Files:
Revision  Action  file
1.3       modify  pkgsrc/textproc/ruby-sanitize/Makefile
1.3       modify  pkgsrc/textproc/ruby-sanitize/distinfo