Version in base suite: 6.0.0-1.1 Base version: ruby-sanitize_6.0.0-1.1 Target version: ruby-sanitize_6.0.0-1.1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/r/ruby-sanitize/ruby-sanitize_6.0.0-1.1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/r/ruby-sanitize/ruby-sanitize_6.0.0-1.1+deb12u1.dsc changelog | 6 +++++ patches/CVE-2023-36823.patch | 45 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 52 insertions(+)
diff -Nru ruby-sanitize-6.0.0/debian/changelog ruby-sanitize-6.0.0/debian/changelog
--- ruby-sanitize-6.0.0/debian/changelog 2023-02-20 19:28:45.000000000 +0000
+++ ruby-sanitize-6.0.0/debian/changelog 2024-01-25 09:26:53.000000000 +0000
@@ -1,3 +1,9 @@
+ruby-sanitize (6.0.0-1.1+deb12u1) bookworm-security; urgency=high
+
+ * Fix CVE-2023-36823. (Closes: #1041430)
+
+ -- Abhijith PA Thu, 25 Jan 2024 14:56:53 +0530
+
 ruby-sanitize (6.0.0-1.1) unstable; urgency=medium
 
  * Non-maintainer upload.
diff -Nru ruby-sanitize-6.0.0/debian/patches/CVE-2023-36823.patch ruby-sanitize-6.0.0/debian/patches/CVE-2023-36823.patch
--- ruby-sanitize-6.0.0/debian/patches/CVE-2023-36823.patch 1970-01-01 00:00:00.000000000 +0000
+++ ruby-sanitize-6.0.0/debian/patches/CVE-2023-36823.patch 2024-01-25 09:26:53.000000000 +0000
@@ -0,0 +1,45 @@
+From 041c068cec516474d61862faf3910b26c7e10073 Mon Sep 17 00:00:00 2001
+From: Ryan Grove
+Date: Mon, 26 Jun 2023 11:31:55 -0700
+Subject: [PATCH 1/3] Escape ` element' do
++ before do
++ @s = Sanitize.new(Sanitize::Config::RELAXED)
++ end
++
++ it 'is not possible to prematurely end a ],
++ @s.fragment(%[])
++ )
++ end
++ end
+ end
diff -Nru ruby-sanitize-6.0.0/debian/patches/series ruby-sanitize-6.0.0/debian/patches/series
--- ruby-sanitize-6.0.0/debian/patches/series 2023-02-20 19:27:46.000000000 +0000
+++ ruby-sanitize-6.0.0/debian/patches/series 2024-01-25 09:26:53.000000000 +0000
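Review bot: The embedded upstream commit is labelled `[PATCH 1/3]` in its Subject line, yet `debian/patches/series` gains only this one file, so this backport appears to carry just the first part of a three-part upstream series; the patch header or changelog should record why parts 2/3 and 3/3 are not needed for CVE-2023-36823, or they should be cherry-picked as well. In this rendering the hunk shows only the added test (`before do` / `@s = Sanitize.new(Sanitize::Config::RELAXED)` / `it 'is not possible to prematurely end a …'`) with its markup stripped, so the library-side change cannot be reviewed here — the use of the `RELAXED` config suggests the fix concerns an element that only that config allows, but that must be confirmed against the actual patch body before accepting the backport. The patch also carries no DEP-3 metadata beyond the git headers; adding `Origin: upstream, <URL of commit 041c068cec516474d61862faf3910b26c7e10073>` and `Bug-Debian: https://bugs.debian.org/1041430` would let future maintainers trace and refresh it.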
@@ -2,3 +2,4 @@
 Update-tests-to-remove-deprecated-minitest-must_be.patch
 Forcibly-escape-content-in-unescaped-text-elements-i.patch
 Always-remove-noscript-elements.patch
+CVE-2023-36823.patch