pkgsrc-Changes archive
CVS commit: [pkgsrc-2023Q2] pkgsrc/textproc/ruby-sanitize
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Aug 13 09:03:46 UTC 2023
Modified Files:
pkgsrc/textproc/ruby-sanitize [pkgsrc-2023Q2]: Makefile distinfo
Log Message:
Pullup ticket #6781 - requested by taca
textproc/ruby-sanitize: security fix (CVE-2023-36823)
Revisions pulled up:
- textproc/ruby-sanitize/Makefile 1.3
- textproc/ruby-sanitize/distinfo 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 9 02:56:28 UTC 2023
Modified Files:
pkgsrc/textproc/ruby-sanitize: Makefile distinfo
Log Message:
textproc/ruby-sanitize: update to 6.0.2
6.0.2 (2023-07-06)
Bug Fixes
* CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS
(cross-site scripting). This issue affects Sanitize versions 3.0.0 through
6.0.1.
When using Sanitize's relaxed config or a custom config that allows
<style> elements and one or more CSS at-rules, carefully crafted input
could be used to sneak arbitrary HTML through Sanitize.
See the following security advisory for additional details:
GHSA-f5ww-cq3m-q3g7
Thanks to @cure53 for finding this issue.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.4.1 pkgsrc/textproc/ruby-sanitize/Makefile \
pkgsrc/textproc/ruby-sanitize/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/ruby-sanitize/Makefile
diff -u pkgsrc/textproc/ruby-sanitize/Makefile:1.2 pkgsrc/textproc/ruby-sanitize/Makefile:1.2.4.1
--- pkgsrc/textproc/ruby-sanitize/Makefile:1.2 Sat Feb 4 13:33:10 2023
+++ pkgsrc/textproc/ruby-sanitize/Makefile Sun Aug 13 09:03:45 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.2 2023/02/04 13:33:10 taca Exp $
+# $NetBSD: Makefile,v 1.2.4.1 2023/08/13 09:03:45 bsiegert Exp $
-DISTNAME= sanitize-6.0.1
+DISTNAME= sanitize-6.0.2
CATEGORIES= textproc
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
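Review bot: The DISTNAME line is the only functional change in this Makefile hunk, and the visible context ends at MAINTAINER, so the package's dependency lines are not shown. Since this is pulled up to a stable branch as a security fix, confirm that sanitize-6.0.2 declares the same runtime dependencies as sanitize-6.0.1 and that nothing further down the Makefile needed adjusting for the new version.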
Index: pkgsrc/textproc/ruby-sanitize/distinfo
diff -u pkgsrc/textproc/ruby-sanitize/distinfo:1.2 pkgsrc/textproc/ruby-sanitize/distinfo:1.2.4.1
--- pkgsrc/textproc/ruby-sanitize/distinfo:1.2 Sat Feb 4 13:33:10 2023
+++ pkgsrc/textproc/ruby-sanitize/distinfo Sun Aug 13 09:03:45 2023
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.2 2023/02/04 13:33:10 taca Exp $
+$NetBSD: distinfo,v 1.2.4.1 2023/08/13 09:03:45 bsiegert Exp $
-BLAKE2s (sanitize-6.0.1.gem) = 7cd8b6d8845065bf5c90b60e2aec935376b87115c0849294692c34cb960a13eb
-SHA512 (sanitize-6.0.1.gem) = 361141150022788dbb804230621f4003d50d82ce6c8767581a3ec74d61388088546f3105a60b440bedb602de1b06d3a3625218f9e0a23c19409fad3385151267
-Size (sanitize-6.0.1.gem) = 47616 bytes
+BLAKE2s (sanitize-6.0.2.gem) = f44068d396c47968a2f858703761cca30e6f23414f4cebf8178d3012a96cb1e4
+SHA512 (sanitize-6.0.2.gem) = 2e83ecf0bcecaec56eaae2935d3f967d983d0dcdce76d358291a3dec1411c5e5e85b80ec3ab6d2d2718211eae6542796744278e9f9a4236157809027403295e1
+Size (sanitize-6.0.2.gem) = 47616 bytes
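Review bot: On the Size line, sanitize-6.0.2.gem is recorded as 47616 bytes, identical to the removed sanitize-6.0.1.gem entry, while both the BLAKE2s and SHA512 digests changed. An unchanged size is plausible for a gem, which is a tar archive padded to 512-byte blocks (47616 = 93 x 512), but it is also what a hand-edited distinfo would look like. Confirm all three lines were regenerated from the fetched 6.0.2 distfile (for example with make makesum) rather than edited in place.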