[Git][security-tracker-team/security-tracker][master] Add information on CVE-2020-4054/ruby-sanitize

Sun Jul 12 11:52:04 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af8064bd by Salvatore Bonaccorso at 2020-07-12T12:51:15+02:00
Add information on CVE-2020-4054/ruby-sanitize

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29878,7 +29878,9 @@ CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and
 	[stretch] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
 	[jessie] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m
-	NOTE: https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9
+	NOTE: Fixed by: https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9 (v5.2.1)
+	NOTE: Only in 5.0.0 removing of useless filtered elements content is done by default
+	NOTE: with: https://github.com/rgrove/sanitize/commit/faf9a0f432fda3cef29f0f8aad99d4dedf079d67 (v5.0.0)
 CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path tra ...)
 	- helm-kubernetes <itp> (bug #910799)
 CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8064bdab59f1027073d0396915544bba96cb78

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8064bdab59f1027073d0396915544bba96cb78
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200712/20254c55/attachment.html>
