| Release | Version |
|---|---|
| buster | 2.2.3-1+deb10u1 |
| buster (security) | 2.2.3-1+deb10u2 |
| bullseye | 2.7.0+dfsg-1 |
| bookworm | 2.19.1-1 |
| trixie | 2.22.0-1 |
| sid | 2.22.0-1 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2022-23516 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Loofah is a general library for manipulating and transforming HTML/XML ... |
| CVE-2022-23515 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Loofah is a general library for manipulating and transforming HTML/XML ... |
| CVE-2022-23514 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Loofah is a general library for manipulating and transforming HTML/XML ... |
| Bug | Description |
|---|---|
| CVE-2019-15587 | In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ... |
| CVE-2018-16468 | In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ... |
| CVE-2018-8048 | In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attribu ... |
| DSA / DLA | Description |
|---|---|
| DLA-3565-1 | ruby-loofah - security update |
| DSA-4554-1 | ruby-loofah - security update |
| DSA-4364-1 | ruby-loofah - security update |
| DSA-4171-1 | ruby-loofah - security update |