Package: ruby-sanitize / 2.1.0-2+deb9u1

Metadata

Package: ruby-sanitize
Version: 2.1.0-2+deb9u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2018 3740/0001 Backport tests and fix for CVE 2018 3740.patch

lib/sanitize/transformers/clean_element.rb | 49 48 + 1 - 0 !
test/common.rb | 36 36 + 0 - 0 !
test/test_clean_element.rb | 190 190 + 0 - 0 !
test/test_malicious_html.rb | 81 81 + 0 - 0 !
test/test_sanitize.rb | 5 0 + 5 - 0 !
5 files changed, 355 insertions(+), 6 deletions(-)

 [1/6] backport tests and fix for cve-2018-3740
CVE 2018 3740/0002 Make sure test_sanitize.rb requires the common test .patch

test/test_sanitize.rb | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [2/6] make sure test_sanitize.rb requires the common test helpers
CVE 2018 3740/0003 Don t apply the fix to attribute values that contain.patch

lib/sanitize/transformers/clean_element.rb | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 [3/6] don't apply the fix to attribute values that contain only whitespace
CVE 2018 3740/0004 Move libxml2 safety tests to test_sanitize.patch

lib/sanitize/transformers/clean_element.rb | 52 28 + 24 - 0 !
test/common.rb | 36 0 + 36 - 0 !
test/test_clean_element.rb | 190 0 + 190 - 0 !
test/test_malicious_html.rb | 81 0 + 81 - 0 !
test/test_sanitize.rb | 83 81 + 2 - 0 !
5 files changed, 109 insertions(+), 333 deletions(-)

 [4/6]
 * move libxml2 safety tests to test_sanitize
 * only strip attribute when it concerns a url
 * Fix expected test output for image tag with empty src
CVE 2018 3740/0005 Fix tests failures on 2.x due to changes in nokogiri.patch

test/test_sanitize.rb | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [5/6] fix tests failures on 2.x due to changes in nokogiri
CVE 2018 3740/0006 Fix position of encoding line.patch

test/test_sanitize.rb | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 [6/6] fix position of encoding line