--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-4ce40afcb6
2018-11-28 02:20:39.847116
--------------------------------------------------------------------------------
Name : rubygem-loofah
Product : Fedora 27
Version : 2.0.3
Release : 6.fc27
URL : https://github.com/flavorjones/loofah
Summary : Manipulate and transform HTML/XML documents and fragments
Description :
Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.
Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your codes less secure.
--------------------------------------------------------------------------------
Update Information:
XSS when a crafted SVG element is republished (CVE-2018-16468).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 13 2018 Vít Ondruch <vondruch(a)redhat.com> - 2.0.3-6
- XSS when a crafted SVG element is republished (CVE-2018-16468).
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1646715 - CVE-2018-16468 rubygem-loofah: XSS when a crafted SVG element is republished
      https://bugzilla.redhat.com/show_bug.cgi?id=1646715
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-4ce40afcb6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------