--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-d716df9942
2018-11-28 02:44:22.549699
--------------------------------------------------------------------------------

Name        : rubygem-loofah
Product     : Fedora 28
Version     : 2.0.3
Release     : 6.fc28
URL         : https://github.com/flavorjones/loofah
Summary     : Manipulate and transform HTML/XML documents and fragments
Description :
Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.
Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most
likely won't make your codes less secure.

--------------------------------------------------------------------------------
Update Information:

XSS when a crafted SVG element is republished (CVE-2018-16468).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 13 2018 Vít Ondruch vondruch@redhat.com - 2.0.3-6
- XSS when a crafted SVG element is republished (CVE-2018-16468).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1646715 - CVE-2018-16468 rubygem-loofah: XXS when a crafted SVG element is republished
        https://bugzilla.redhat.com/show_bug.cgi?id=1646715
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2018-d716df9942'

at the command line. For more information, refer to the dnf documentation
available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org