File _patchinfo of Package patchinfo.30440

<patchinfo incident="30440">
  <issue tracker="cve" id="2022-23517"/>
  <issue tracker="cve" id="2022-23518"/>
  <issue tracker="cve" id="2022-23520"/>
  <issue tracker="cve" id="2022-23519"/>
  <issue tracker="bnc" id="1206435">VUL-0: CVE-2022-23519: rubygem-rails-html-sanitizer: XSS vulnerability with certain configurations of Rails::Html::Sanitizer</issue>
  <issue tracker="bnc" id="1206433">VUL-0: CVE-2022-23517: rubygem-rails-html-sanitizer: inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes</issue>
  <issue tracker="bnc" id="1206434">VUL-0: CVE-2022-23518: rubygem-rails-html-sanitizer: XSS via data URIs when used in combination with Loofah &gt;= 2.1.0</issue>
  <issue tracker="bnc" id="1206436">VUL-0: CVE-2022-23520: rubygem-rails-html-sanitizer: XSS vulnerability with certain configurations of Rails::Html::Sanitizer</issue>
  <packager>pperego</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rubygem-rails-html-sanitizer</summary>
  <description>This update for rubygem-rails-html-sanitizer fixes the following issues:
  
- CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking (bsc#1206433).
- CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah (bsc#1206434).
- CVE-2022-23519: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer (bsc#1206435).
- CVE-2022-23520: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer (bsc#1206436).
 </description>
</patchinfo>