Source: ruby-redcloth
Severity: important
Tags: patch

Dear Maintainer,
Find the following patch in order to fix a ReDoS.

Thanks,
Bastien
From: Kornelius Kalnbach <mur...@rubychan.de> Date: Wed, 28 Jun 2023 17:24:55 +0200 Subject: CVE-2023-31606 make regex faster with Atomic Grouping MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit origin: https://patch-diff.githubusercontent.com/raw/jgarber/redcloth/pull/75 bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-31606 Signed-off-by: Bastien Roucari??s <ro...@debian.org> --- lib/redcloth/formatters/html.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb index b241c99..396c2d0 100644 --- a/lib/redcloth/formatters/html.rb +++ b/lib/redcloth/formatters/html.rb @@ -324,7 +324,7 @@ private # Clean unauthorized tags. def clean_html( text, allowed_tags = BASIC_TAGS ) text.gsub!( /<!\[CDATA\[/, '' ) - text.gsub!( /<(\/*)([A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m| + text.gsub!( /<(\/*)([A-Za-z]\w*+)([^>]*?)(\s?\/?)>/ ) do |m| raw = $~ tag = raw[2].downcase if allowed_tags.has_key? tag
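Review bot: the possessive quantifier `\w*+` on the tag-name group in the `clean_html` hunk is a sound minimal fix, because once the name is consumed the engine can no longer backtrack into it when the following `([^>]*?)` group fails to reach a closing `>`, which removes the overlap between `\w*` and `[^>]*?` that made unterminated tags expensive to scan; however, the patch ships with no regression test, so a spec that calls `clean_html` on a long unterminated tag (a `<` followed by many word characters and no `>`) and asserts it returns promptly would document the CVE-2023-31606 fix and catch a future revert. A short comment above the regex saying why the `+` is there would also help, since `\w*+` is easy to mistake for a typo of `\w*`; Ruby's regex engine has supported possessive quantifiers since 1.9, so the change raises no compatibility concern.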