"Thompson, David" <dthompson2@worcester.edu> writes:

> On Tue, Mar 20, 2018 at 10:09 AM, Kei Kebreau <kkebreau@posteo.net> wrote:
>> This fixes CVE-2018-3740.
>>
>> * gnu/packages/ruby.scm (ruby-sanitize): Update to 4.6.3.
>> ---
>>  gnu/packages/ruby.scm | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
>> index dcf4cda26..010dedde2 100644
>> --- a/gnu/packages/ruby.scm
>> +++ b/gnu/packages/ruby.scm
>> @@ -3082,7 +3082,7 @@ access the result as a Nokogiri parsed document.")
>>  (define-public ruby-sanitize
>>    (package
>>      (name "ruby-sanitize")
>> -    (version "4.0.0")
>> +    (version "4.6.3")
>>      (source (origin
>>                (method url-fetch)
>>                ;; The gem does not include the Rakefile, so we download the
>> @@ -3092,7 +3092,7 @@ access the result as a Nokogiri parsed document.")
>>                (file-name (string-append name "-" version ".tar.gz"))
>>                (sha256
>>                 (base32
>> -                "055xnj38l60gxnnng76kpy2l2jbrp0byjdyq17jw79w7l4b40znr"))))
>> +                "1fmqppwif3cm8h79006jfzkdnlxxzlry9kzk03psk0d5xpg55ycc"))))
>>      (build-system ruby-build-system)
>>      (propagated-inputs
>>       `(("ruby-crass" ,ruby-crass)
>> --
>> 2.16.2
>
> Looks good, thanks!
>
> - Dave

Thanks for reviewing! Pushed to master.