Received: by mail.netbsd.org (Postfix, from userid 605) id B6F4384EB2; Sun, 12 Jun 2022 12:18:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id F0BF884D67 for ; Sun, 12 Jun 2022 12:18:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id v3dHwB3iSpdZ for ; Sun, 12 Jun 2022 12:18:36 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 6DD0B84C13 for ; Sun, 12 Jun 2022 12:18:36 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 5B2C4FB1A; Sun, 12 Jun 2022 12:20:11 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1655036411140970" MIME-Version: 1.0 Date: Sun, 12 Jun 2022 12:20:11 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/www/ruby-rails-html-sanitizer To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20220612122011.5B2C4FB1A@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1655036411140970 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Sun Jun 12 12:20:11 UTC 2022 Modified Files: pkgsrc/www/ruby-rails-html-sanitizer: Makefile distinfo Log Message: www/ruby-rails-html-sanitizer: update to 1.4.3 1.4.3 (2022-06-09) * Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. Prevent the combination of `select` and `style` as allowed tags in SafeListSanitizer. Fixes CVE-2022-32209 *Mike Dalessio* To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-rails-html-sanitizer/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-rails-html-sanitizer/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1655036411140970 Content-Disposition: inline Content-Length: 1707 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/ruby-rails-html-sanitizer/Makefile diff -u pkgsrc/www/ruby-rails-html-sanitizer/Makefile:1.4 pkgsrc/www/ruby-rails-html-sanitizer/Makefile:1.5 --- pkgsrc/www/ruby-rails-html-sanitizer/Makefile:1.4 Mon Aug 30 15:38:02 2021 +++ pkgsrc/www/ruby-rails-html-sanitizer/Makefile Sun Jun 12 12:20:11 2022 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.4 2021/08/30 15:38:02 taca Exp $ +# $NetBSD: Makefile,v 1.5 2022/06/12 12:20:11 taca Exp $ -DISTNAME= rails-html-sanitizer-1.4.2 +DISTNAME= rails-html-sanitizer-1.4.3 CATEGORIES= www MAINTAINER= minskim@NetBSD.org Index: pkgsrc/www/ruby-rails-html-sanitizer/distinfo diff -u pkgsrc/www/ruby-rails-html-sanitizer/distinfo:1.6 pkgsrc/www/ruby-rails-html-sanitizer/distinfo:1.7 --- pkgsrc/www/ruby-rails-html-sanitizer/distinfo:1.6 Tue Oct 26 11:31:03 2021 +++ pkgsrc/www/ruby-rails-html-sanitizer/distinfo Sun Jun 12 12:20:11 2022 @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.6 2021/10/26 11:31:03 nia Exp $ +$NetBSD: distinfo,v 1.7 2022/06/12 12:20:11 taca Exp $ -BLAKE2s (rails-html-sanitizer-1.4.2.gem) = 92d5f6e7d93f6f6686931830ff28e64795917a407299db40154cbcee20511364 -SHA512 (rails-html-sanitizer-1.4.2.gem) = 9f0872f1000c758918f66a889322d3393ec678604eb3b01fc21bbb861189ec04fcf05f5c9487bd5eeb63ce6d99a80064718c82bfce2daf25c07754979a2ed747 -Size (rails-html-sanitizer-1.4.2.gem) = 16896 bytes +BLAKE2s (rails-html-sanitizer-1.4.3.gem) = 110fc5e7b2557d3a8bb7d2424b072e62f7bb9d4dd6d5d6625c4033250a25626a +SHA512 (rails-html-sanitizer-1.4.3.gem) = ead339d8ed5aefa737298d886a0db3c353254cfa57bdee7d2011f596ed2871dcad3bd16561728da2447e239fcaa908256bb6436493462bca6310a17a3812ffd9 +Size (rails-html-sanitizer-1.4.3.gem) = 17920 bytes --_----------=_1655036411140970--