Accepted ruby-sanitize 4.6.6-2.1~deb10u2 (source all) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Nov 2023 10:23:27 +0000
Source: ruby-sanitize
Binary: ruby-sanitize
Architecture: source all
Version: 4.6.6-2.1~deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 ruby-sanitize - whitelist-based HTML sanitizer
Closes: 1041430
Changes:
 ruby-sanitize (4.6.6-2.1~deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * CVE-2023-36823: Using carefully crafted input, an attacker may have been able
     to sneak arbitrary HTML and CSS through Sanitize when configured to use the
     built-in "relaxed" config or when using a custom config that allowed
     "style" elements and one or more CSS "at"-rules. This could have resulted
     in cross-site scripting (XSS) or other undesired behavior if the malicious
     HTML and CSS were rendered in a browser. (Closes: #1041430)
Checksums-Sha1:
 ca3fb55b6823eba3a4f8b0c80ed245d735667f90 2175 ruby-sanitize_4.6.6-2.1~deb10u2.dsc
 e660c44ac13c945d43598eaf3a6f4f68c0b472ec 40115 ruby-sanitize_4.6.6.orig.tar.gz
 d27845126e8bd0d53231f3e65a58c056869644f0 8276 ruby-sanitize_4.6.6-2.1~deb10u2.debian.tar.xz
 eab8ee8d01c473ae02f2aabead0cc5daef0a479c 31748 ruby-sanitize_4.6.6-2.1~deb10u2_all.deb
 18fe0d16dc3559fd822c64b0d84514f647c3dd51 9316 ruby-sanitize_4.6.6-2.1~deb10u2_amd64.buildinfo
Checksums-Sha256:
 b5a59d22b693a93917c5e9a4507db6dd2ae3202cd094cdcfa98c0b849858ae54 2175 ruby-sanitize_4.6.6-2.1~deb10u2.dsc
 5d5b72076d13b731638e6189a83988237a47ab4d8ce6bfa5aded31ec0f333238 40115 ruby-sanitize_4.6.6.orig.tar.gz
 39150778a0bdcdd941df3b5a041c525cd8850198fd31951853e4ccf1a1eefb9b 8276 ruby-sanitize_4.6.6-2.1~deb10u2.debian.tar.xz
 d30d0c3238dfa22148e8f64e4d25d8734461dfe92e7cc7d5a3d8825c6ed6ad67 31748 ruby-sanitize_4.6.6-2.1~deb10u2_all.deb
 032f0b8370334f8fa502e425062fb03f70d48830004b35807d47a647349399da 9316 ruby-sanitize_4.6.6-2.1~deb10u2_amd64.buildinfo
Files:
 98db32c97edc5d5a965f553d2ba4cac5 2175 ruby optional ruby-sanitize_4.6.6-2.1~deb10u2.dsc
 aa34226fdbfd69430ae83aabbb8d894a 40115 ruby optional ruby-sanitize_4.6.6.orig.tar.gz
 a0d7bf3e104ef10b86ba9ab996d37d62 8276 ruby optional ruby-sanitize_4.6.6-2.1~deb10u2.debian.tar.xz
 4bad5fbf5e3d1ecff7b65f581ce471e9 31748 ruby optional ruby-sanitize_4.6.6-2.1~deb10u2_all.deb
 c639a1c407b93456bf6e62ec1b098ae2 9316 ruby optional ruby-sanitize_4.6.6-2.1~deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----