---
- branch: MAIN
  date: Tue Jan  3 15:19:14 UTC 2023
  files:
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/www/ruby-rails-html-sanitizer/Makefile
    pathrev: pkgsrc/www/ruby-rails-html-sanitizer/Makefile@1.6
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/www/ruby-rails-html-sanitizer/distinfo
    pathrev: pkgsrc/www/ruby-rails-html-sanitizer/distinfo@1.8
    type: modified
  id: 20230103T151914Z.b40e5347efcb51824664155f3deb3a63a3d9a4ae
  log: |
    www/ruby-rails-html-sanitizer: update to 1.4.4

    1.4.4 (2022-12-13)

    * Address inefficient regular expression complexity with certain
      configurations of Rails::Html::Sanitizer.

      Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for more information.

      Mike Dalessio

    * Address improper sanitization of data URIs.

      Fixes CVE-2022-23518 and #135. See GHSA-mcvf-2q2m-x72m for more information.

      Mike Dalessio

    * Address possible XSS vulnerability with certain configurations of
      Rails::Html::Sanitizer.

      Fixes CVE-2022-23520. See GHSA-rrfc-7g8p-99q8 for more information.

      Mike Dalessio

    * Address possible XSS vulnerability with certain configurations of
      Rails::Html::Sanitizer.

      Fixes CVE-2022-23519. See GHSA-9h9g-93gc-623h for more information.

      Mike Dalessio
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/ruby-rails-html-sanitizer'
  unixtime: '1672759154'
  user: taca