File rubygem-rails-html-sanitizer.changes of Package rubygem-rails-html-sanitizer.30440

-------------------------------------------------------------------
Thu Aug 31 10:06:40 UTC 2023 - Paolo Perego <paolo.perego@suse.com>

- Fixing typos in CVEs corrected by prior submission

-------------------------------------------------------------------
Tue Aug 29 12:53:07 UTC 2023 - Paolo Perego <paolo.perego@suse.com>

- In order to have the
  0003_CVE-2022-23517_CVE-2022-23518_CVE-2022-23519_CVE-2022-23520.patch
  working smoothly I monkey patched loofah API and crass rubygem code into
  rails-html-sanitizer.

-------------------------------------------------------------------
Mon Aug 28 15:04:39 UTC 2023 - Paolo Perego <paolo.perego@suse.com>

- Add patch 0003_CVE-2022-23517_CVE-2022-23518_CVE-2022-23519_CVE-2022-23520.patch

  This patch fixes 4 different CVEs:
  * CVE-2022-23517 (bsc#1206433)
  * CVE-2022-23518 (bsc#1206434)
  * CVE-2022-23519 (bsc#1206435)
  * CVE-2022-23520 (bsc#1206436)

-------------------------------------------------------------------
Thu Aug 18 07:23:32 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>

- Add patch 0002_CVE-2022-32209.patch

  This patch fixes CVE-2022-32209 (bsc#1201183)

-------------------------------------------------------------------
Fri Aug  2 09:04:03 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>

- Add patch 0001_CVE-2018-3741-xss_vulnerability.patch

  This patch fixes CVE-2018-3741 (bsc#1086598)

  We don't need to update to the latest rubygem-loofah version,
  since our patched version of rubygem-loofah provides the function
  which is required to address this security hole.

-------------------------------------------------------------------
Fri Sep 15 11:11:46 UTC 2017 - rsalevsky@suse.com

- updated to version 1.0.3: (bsc#1055962)
  * boo#963326: CVE-2015-7578: XSS vulnerability via attributes
    remove CVE-2015-7578.patch
  * boo#963327: CVE-2015-7579: XSS vulnerability
    remove CVE-2015-7579.patch
  * boo#963328: CVE-2015-7580: XSS via whitelist sanitizer
    remove CVE-2015-7580.patch

-------------------------------------------------------------------
Tue Jan 26 10:31:58 UTC 2016 - jmassaguerpla@suse.com

- fix bnc#963328: CVE-2015-7580: rubygem-rails-html-sanitizer: XSS
  via whitelist sanitizer
  CVE-2015-7580.patch: contains the fix

-------------------------------------------------------------------
Mon Jan 25 18:07:42 UTC 2016 - jmassaguerpla@suse.com

- fix bnc#963327: CVE-2015-7579: rubygem-rails-html-sanitizer: XSS
  vulnerability in rails-html-sanitizer.
  CVE-2015-7579.patch: contains the fix

-------------------------------------------------------------------
Mon Jan 25 18:04:56 UTC 2016 - jmassaguerpla@suse.com

- fix bnc#963326: CVE-2015-7578: rubygem-rails-html-sanitizer: XSS
  vulnerability via attributes.
  CVE-2015-7578.patch: contains the fix

-------------------------------------------------------------------
Mon Mar 16 06:51:40 UTC 2015 - coolo@suse.com

- updated to version 1.0.2, no changelog

-------------------------------------------------------------------
Mon Feb  9 08:20:28 UTC 2015 - coolo@suse.com

- initial package (version 1.0.1)