Source: ruby-sanitize
Version: 2.1.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/rgrove/sanitize/issues/176

Hi,

the following vulnerability was published for ruby-sanitize.

CVE-2018-3740[0]:
Sanitize HTML injection vulnerability

Code has changed quite a bit (e.g. 'clean' -> 'fragment' method change in v3.0.0, but the underlying issue seems present in 2.1.0 based version as well afaics).

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-3740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3740
[1] https://github.com/rgrove/sanitize/issues/176
[2] https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e

Regards,
Salvatore