Debian Package Tracker - ruby-rails-html-sanitizer

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

redirecting DEPRECATED pkg-ruby-extras.alioth.debian.org/cgi-bin/gemwatch to gemwatch.debian.net

Created: 2018-05-06 Last update: 2019-01-18 22:11

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2018-3741: There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.

Please fix it.

Created: 2018-03-25 Last update: 2018-06-02 08:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-12-23 17:15