[Git][security-tracker-team/security-tracker][master] Add four new ruby-rails-html-sanitizer issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 14 20:50:18 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3002203 by Salvatore Bonaccorso at 2022-12-14T21:48:56+01:00
Add four new ruby-rails-html-sanitizer issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -70609,13 +70609,19 @@ CVE-2022-23522
CVE-2022-23521
RESERVED
CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- TODO: check
+ - ruby-rails-html-sanitizer <unfixed>
+ NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- TODO: check
+ - ruby-rails-html-sanitizer <unfixed>
+ NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- TODO: check
+ - ruby-rails-html-sanitizer <unfixed>
+ NOTE: https://github.com/rails/rails-html-sanitizer/issues/135
+ NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- TODO: check
+ - ruby-rails-html-sanitizer <unfixed>
+ NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
+ NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
- ruby-loofah 2.19.1-1 (bug #1026083)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
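Review bot: The entries for CVE-2022-23520, CVE-2022-23519 and CVE-2022-23518 reference only the upstream advisory (plus issue 135 for CVE-2022-23518), while CVE-2022-23517 also records the upstream fix commit. Adding the corresponding fix commit NOTE lines for the other three would let anyone triaging the `<unfixed>` ruby-rails-html-sanitizer package check a backport against the actual change rather than the advisory text. None of the four new `<unfixed>` lines has a Debian bug reference yet, unlike the ruby-loofah entry directly below with `(bug #1026083)`; a follow-up adding the bug numbers once they are filed would keep these entries trackable.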
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3002203dcfd2ced0a49dd691bf100aa9533d5f0