ruby-rails-html-sanitizer (1.3.0-1+deb11u1) bullseye-security; urgency=medium
* Non-maintainer upload by the LTS Team.
* CVE-2022-23517: Inefficient Regular Expression Complexity
* CVE-2022-23518: XSS in data URIs
* CVE-2022-23519: XSS vulnerability
* CVE-2022-23520: XSS vulnerability
* CVE-2022-32209: XSS vulnerability
* Bump dependency on ruby-loofah due to new functionality used
by the above fixes.
-- Adrian Bunk Sat, 28 Sep 2024 18:38:59 +0300
ruby-rails-html-sanitizer (1.3.0-1) unstable; urgency=medium
* Team upload.
* New upstream version.
* debian/compat:
- Drop, rely on debhelper-compat package.
* debian/control:
- Add Build-Dependency on debhelper-compat.
- Bump Standards-Version to 4.5.0.
- Use my debian.org mail address.
- Declare that the build doesn't need root.
* debian/patches:
- Add patch to skip failing tests, as these assume the vendored version of
libxml provided via nokogiri. That is not the case in Debian.
* debian/rules:
- Make the build verbose.
* debian/watch:
- Use gemwatch.debian.net service.
[ Utkarsh Gupta ]
* Add salsa-ci.yml
-- Georg Faerber Tue, 04 Feb 2020 18:15:36 +0000
ruby-rails-html-sanitizer (1.0.4-1) unstable; urgency=medium
* New upstream release.
* debian/compat: Bump debhelper compatibility level to 11.
* debian/control:
- Bump required debhelper version to >= 11~.
- Bump Standards-Version to 4.1.3 (no changes needed).
- Use salsa.debian.org in Vcs-* fields.
- Add myself as Uploader.
- Require ruby-loofah >= 2.2.2~.
* debian/copyright:
- Use HTTPS in link to copyright format specification.
- Add missing Debian packaging authors.
* debian/patches: Drop patch to skip failing specs, fixed upstream.
* debian/watch: Use version 4 and HTTPS in link to gemwatch service.
-- Georg Faerber Fri, 23 Mar 2018 13:42:07 +0100
ruby-rails-html-sanitizer (1.0.3-2) unstable; urgency=medium
* Team upload.
[ Cédric Boutillier ]
* Bump debhelper compatibility level to 9
* Use https:// in Vcs-* fields
* Bump Standards-Version to 3.9.7 (no changes needed)
[ Christian Hofstaedtler ]
* Drop ruby-rails from Depends, as no lib code actually loads rails;
makes the dependency cycle a little less bad.
-- Christian Hofstaedtler Sat, 05 Mar 2016 04:24:42 +0100
ruby-rails-html-sanitizer (1.0.3-1) unstable; urgency=high
* New upstream release. Contains fixes for several XSS vulnerabilities:
CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 (Closes: #812814)
* debian/ruby-tests.rake: re-enable test that was disabled
* 0001-Skip-some-tests-under-Debian.patch: skip tests where the sanitized
HTML is XSS-free but does not match the exact content expected by the
upstream test suite. I suspect that is due to Nokogiri not using its own
patched version of libxml2 in Debian, but can't be sure of that yet.
Also, the same tests would already fail on 1.0.2 if enabled.
-- Antonio Terceiro Tue, 26 Jan 2016 19:36:51 -0200
ruby-rails-html-sanitizer (1.0.2-1) unstable; urgency=medium
* Initial release (Closes: #784326)
* Disabled a test as it required gems which have Rails > 4.2.0 in its
dependency chain
-- Balasankar C Tue, 05 May 2015 13:07:22 +0530