Debian Security Advisory 5616-1

Debian Security Advisory 5616-1: Posted Feb 6, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.; tags | advisory, xss, ruby; systems | linux, debian; advisories | CVE-2023-36823; SHA-256 | cb1891138c71065ba8a31de094547c27038e14dbb35d632d940934fd3474f59c; Download | Favorite | View

Debian Security Advisory 5616-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5616-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 05, 2024                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-sanitize
CVE ID         : CVE-2023-36823

It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer,
insufficiently sanitised <style> elements, which may result in
cross-site scripting.

For the oldstable distribution (bullseye), this problem has been fixed
in version 5.2.1-2+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 6.0.0-1.1+deb12u1.

We recommend that you upgrade your ruby-sanitize packages.

For the detailed security status of ruby-sanitize please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sanitize

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXBWGUACgkQEMKTtsN8
TjZKxRAAmKe0iFtImy6hV4qVVAAWxtWArqFhQlMS6SDiBdkkN+0Ep3QMnBX1DKdq
HYjtaKSaSr6ho6oWtmQQc4YQfVze+EwQfCQKERYenoJtYS1ljsfrmMpnF6dmonOJ
zG5W9nf/8JVqmUwwmVCEGtATPBWu7SqLb5zkKqh6zPyf853bNBAqjE6z+CbWaYEk
CkIsfe7euOOW3zIIF2GiYCZBEkM9HieehyZdDVOlwTsIlMiELU5BX1eAFAdyBZho
ky88c2N4a0uSE8WWXoaNJN5T55sAv1DdqQF0sqfWxOXmmhcu6xbpif4Qh82CO58a
wW+m/DUHwqSr5pSey2AlThamV0H9CvKOkhZZWQ67ew9HpDEd2AW9aOv0TKuCMGBX
qovvSHjvmAI6Jg4VlFe1rD9yFXEhvB5A34/9mh3IRKSk01jrGXIkDqYGPYGEbAle
/qGwrTQvUou/js5flST87i3YYh0J8+WzldtVt42jr4RbjcvVefe+sQA8G0ILEgM/
+CYjMjSjefnJkTEjGOix522D/qukpBimLjPL+/28Vk41PzF8+q4t665oqpNFHaaG
Tlrjnoo0HXAxKDpSoK6LbclQGmPjRDe/CFBEUj7tAY5IUXt4yiNLlil3bCCAM5cz
lnVx3V1Cs236JTwVjR1YFtPUf5/tL7cLyPeelQWenHQ/YJDf4dk=
=5owE
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 63 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
kai6u 3 files
gabe_k 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Debian Security Advisory 5616-1

Debian Security Advisory 5616-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5616-1

Share This

Debian Security Advisory 5616-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems