--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-03c0964b6a
2020-02-29 22:31:35.495046
--------------------------------------------------------------------------------
Name : rubygem-loofah
Product : Fedora 31
Version : 2.2.3
Release : 4.fc31
URL : https://github.com/flavorjones/loofah
Summary : Manipulate and transform HTML/XML documents and fragments
Description :
Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.
Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your code less secure.
--------------------------------------------------------------------------------
Update Information:
Fix XSS when a crafted SVG element is republished.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Vít Ondruch <vondruch(a)redhat.com> - 2.2.3-4
- Fix XSS when a crafted SVG element is republished.
Resolves: CVE-2019-15587
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1774081 - CVE-2019-15587 rubygem-loofah: XSS when a crafted SVG element is
republished
https://bugzilla.redhat.com/show_bug.cgi?id=1774081
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-03c0964b6a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------