--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1ebc4b8284
2020-02-29 22:45:46.940165
--------------------------------------------------------------------------------

Name        : rubygem-loofah
Product     : Fedora 30
Version     : 2.2.3
Release     : 4.fc30
URL         : https://github.com/flavorjones/loofah
Summary     : Manipulate and transform HTML/XML documents and fragments
Description :
Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.
Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most
likely won't make your codes less secure.

--------------------------------------------------------------------------------
Update Information:

Fix XSS when a crafted SVG element is republished.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 21 2020 Vít Ondruch <vondruch@redhat.com> - 2.2.3-4
- Fix XSS when a crafted SVG element is republished.
  Resolves: CVE-2019-15587
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1774081 - CVE-2019-15587 rubygem-loofah: XXS when a crafted SVG element is republished
        https://bugzilla.redhat.com/show_bug.cgi?id=1774081
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1ebc4b8284' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org