[Git][security-tracker-team/security-tracker][master] ruby-rails-html-sanitizer n/a

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 3 17:33:40 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0105a583 by Moritz Muehlenhoff at 2024-12-03T17:26:24+01:00
ruby-rails-html-sanitizer n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14,15 +14,26 @@ CVE-2024-9058 (The Element Pack Elementor Addons (Header Footer, Template Librar
 CVE-2024-8748 (A buffer overflow vulnerability in the packet parser of the third-part ...)
 	NOT-FOR-US: Zyxel
 CVE-2024-53989 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
-	NOT-FOR-US: rails-html-sanitizer
+	- ruby-rails-html-sanitizer <not-affected> (Only affects 1.6.0)
+	NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g
+	NOTE: https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f (v1.6.1)
 CVE-2024-53988 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
-	NOT-FOR-US: rails-html-sanitizer
+	- ruby-rails-html-sanitizer <not-affected> (Only affects 1.6.0)
+	NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5
+	NOTE: https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72 (v1.6.1)
 CVE-2024-53987 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
-	NOT-FOR-US: rails-html-sanitizer
+	- ruby-rails-html-sanitizer <not-affected> (Only affects 1.6.0)
+	NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr
+	NOTE: https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e (v1.6.1)
 CVE-2024-53986 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
-	NOT-FOR-US: rails-html-sanitizer
+	- ruby-rails-html-sanitizer <not-affected> (Only affects 1.6.0)
+	NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48
+	NOTE: https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e (v1.6.1)
 CVE-2024-53985 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
-	NOT-FOR-US: rails-html-sanitizer
+	- ruby-rails-html-sanitizer <not-affected> (Only affects 1.6.0)
+	NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x
+	NOTE: https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1 (v1.6.1)
+	NOTE: https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505 (v1.6.1)
 CVE-2024-53941 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...)
 	NOT-FOR-US: Victure RX1800 WiFi 6 Route
 CVE-2024-53940 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...)
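
Review bot: the fix-commit NOTE lines for CVE-2024-53987 and CVE-2024-53986 both point at f02ffbb8465e73920b6de0da940f5530f855965e. If one upstream commit fixes both advisories, that is fine. If not, one of the two was carried over from the neighbouring entry and should be corrected against its GHSA page. All five entries justify <not-affected> with "(Only affects 1.6.0)" but give no reference to where the issue was introduced, so the claim cannot be rechecked from the list alone. A NOTE naming the introducing commit or release for each entry would make the triage verifiable later.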



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0105a583cae0a11787f6f90ff82ae95c04464d5c
