Version 2.1.0-2 of ruby-sanitize is marked for autoremoval from testing on Thu 03 May 2018. It is affected by #893610. The removal of ruby-sanitize will also cause the removal of (transitive) reverse dependencies: open-build-service, ruby-github-markup, ruby-gollum-lib. You should try to prevent the removal by fixing these RC bugs.
A new upstream version 4.6.4 is available, you should consider packaging it.
Standards version of the package is outdated.
high
The package is severely out of date with respect to the Debian Policy.The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.1.4 instead of
3.9.7).
CVE-2018-3740: A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
CVE-2018-3740: A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
CVE-2018-3740: A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
CVE-2018-3740: A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
Lintian reports
2 warnings
about this package. You should make the package lintian clean getting rid of them.
3 new commit since last upload, time to release an update?
normal
vcswatch reports that
this package seems to have new commits in its VCS. You should consider updating
the debian/changelog and uploading this new version into the archive.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/r/ruby-sanitize.png){kind=link}