[DRE-maint] Bug#893610: ruby-sanitize: CVE-2018-3740
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 20 12:52:50 UTC 2018
Source: ruby-sanitize
Version: 2.1.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/rgrove/sanitize/issues/176
Hi,
the following vulnerability was published for ruby-sanitize.
CVE-2018-3740[0]:
Sanitize HTML injection vulnerability
Code has changed quite a bit (e.g. 'clean' -> 'fragment' method change
in v3.0.0, but the underlying issue seems present in 2.1.0 based
version as well afaics).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-3740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3740
[1] https://github.com/rgrove/sanitize/issues/176
[2] https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e
Regards,
Salvatore