pkgsrc-Changes archive


CVS commit: pkgsrc/textproc/ruby-sanitize



Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Jul  9 02:56:28 UTC 2023

Modified Files:
        pkgsrc/textproc/ruby-sanitize: Makefile distinfo

Log Message:
textproc/ruby-sanitize: update to 6.0.2

6.0.2 (2023-07-06)

Bug Fixes

* CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS
  (cross-site scripting). This issue affects Sanitize versions 3.0.0 through
  6.0.1.

  When using Sanitize's relaxed config or a custom config that allows
  <style> elements and one or more CSS at-rules, carefully crafted input
  could be used to sneak arbitrary HTML through Sanitize.

  See the following security advisory for additional details:
  GHSA-f5ww-cq3m-q3g7

  Thanks to @cure53 for finding this issue.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/textproc/ruby-sanitize/Makefile \
    pkgsrc/textproc/ruby-sanitize/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/ruby-sanitize/Makefile
diff -u pkgsrc/textproc/ruby-sanitize/Makefile:1.2 pkgsrc/textproc/ruby-sanitize/Makefile:1.3
--- pkgsrc/textproc/ruby-sanitize/Makefile:1.2  Sat Feb  4 13:33:10 2023
+++ pkgsrc/textproc/ruby-sanitize/Makefile      Sun Jul  9 02:56:28 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.2 2023/02/04 13:33:10 taca Exp $
+# $NetBSD: Makefile,v 1.3 2023/07/09 02:56:28 taca Exp $
 
-DISTNAME=      sanitize-6.0.1
+DISTNAME=      sanitize-6.0.2
 CATEGORIES=    textproc
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
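Review bot: The DISTNAME change from sanitize-6.0.1 to sanitize-6.0.2 is the only functional change visible in this hunk, and the log message gives the affected range for CVE-2023-36823 as 3.0.0 through 6.0.1, so any branch still carrying revision 1.2 of this Makefile remains affected. Consider requesting a pullup of revision 1.3 to the current stable branch and naming the CVE in that request.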
Index: pkgsrc/textproc/ruby-sanitize/distinfo
diff -u pkgsrc/textproc/ruby-sanitize/distinfo:1.2 pkgsrc/textproc/ruby-sanitize/distinfo:1.3
--- pkgsrc/textproc/ruby-sanitize/distinfo:1.2  Sat Feb  4 13:33:10 2023
+++ pkgsrc/textproc/ruby-sanitize/distinfo      Sun Jul  9 02:56:28 2023
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.2 2023/02/04 13:33:10 taca Exp $
+$NetBSD: distinfo,v 1.3 2023/07/09 02:56:28 taca Exp $
 
-BLAKE2s (sanitize-6.0.1.gem) = 7cd8b6d8845065bf5c90b60e2aec935376b87115c0849294692c34cb960a13eb
-SHA512 (sanitize-6.0.1.gem) = 361141150022788dbb804230621f4003d50d82ce6c8767581a3ec74d61388088546f3105a60b440bedb602de1b06d3a3625218f9e0a23c19409fad3385151267
-Size (sanitize-6.0.1.gem) = 47616 bytes
+BLAKE2s (sanitize-6.0.2.gem) = f44068d396c47968a2f858703761cca30e6f23414f4cebf8178d3012a96cb1e4
+SHA512 (sanitize-6.0.2.gem) = 2e83ecf0bcecaec56eaae2935d3f967d983d0dcdce76d358291a3dec1411c5e5e85b80ec3ab6d2d2718211eae6542796744278e9f9a4236157809027403295e1
+Size (sanitize-6.0.2.gem) = 47616 bytes
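Review bot: The Size line for sanitize-6.0.2.gem is 47616 bytes, identical to the 6.0.1 value it replaces, while both the BLAKE2s and SHA512 digests changed. A .gem file is a tar archive padded to 512-byte blocks, so equal sizes across a small release are plausible, but it is worth confirming that distinfo was regenerated from a freshly fetched 6.0.2 distfile rather than edited by hand.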



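An exposure check for the two conditions named in the changelog entry above (a version from 3.0.0 through 6.0.1, and a config that allows <style> elements together with one or more CSS at-rules), added here as an example and not part of the commit or of Sanitize itself. The config key names (:elements, :css, :at_rules, :at_rules_with_properties, :at_rules_with_styles) are assumed to match the Sanitize config being audited, and the sample configs are constructed.

```ruby
require "rubygems" # Gem::Version ships with Ruby; no third-party gems needed

# Affected range as stated in the changelog entry: 3.0.0 through 6.0.1.
AFFECTED_MIN = Gem::Version.new("3.0.0")
AFFECTED_MAX = Gem::Version.new("6.0.1")

# Assumption: these are the :css sub-keys that enable at-rules in the config.
AT_RULE_KEYS = %i[at_rules at_rules_with_properties at_rules_with_styles].freeze

def affected_version?(version)
  v = Gem::Version.new(version)
  v >= AFFECTED_MIN && v <= AFFECTED_MAX
end

# True when the element allowlist contains <style> (case-insensitive).
def style_allowed?(config)
  Array(config[:elements]).any? { |e| e.to_s.downcase == "style" }
end

# True when any at-rule allowlist in the :css section is non-empty.
def at_rules_allowed?(config)
  css = config[:css] || {}
  AT_RULE_KEYS.any? { |k| !Array(css[k]).empty? }
end

# Returns :not_affected, :affected_version_only or :exposed.
def cve_2023_36823_exposure(version, config)
  return :not_affected unless affected_version?(version)
  return :exposed if style_allowed?(config) && at_rules_allowed?(config)

  :affected_version_only
end

# Constructed sample configs (not taken from any real application).
STYLE_WITH_AT_RULES = {
  elements: %w[a p style],
  css: { at_rules_with_styles: %w[media], properties: %w[color] }
}.freeze
NO_STYLE_ELEMENT = { elements: %w[a p], css: { at_rules: %w[media] } }.freeze

if __FILE__ == $PROGRAM_NAME
  [["6.0.1", STYLE_WITH_AT_RULES], ["6.0.1", NO_STYLE_ELEMENT],
   ["6.0.2", STYLE_WITH_AT_RULES]].each do |version, config|
    puts "sanitize #{version}: #{cve_2023_36823_exposure(version, config)}"
  end
end
```

A result of :affected_version_only still calls for the upgrade to 6.0.2; it only means the config conditions described in the entry are not met today.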