From 3ca19dedba6ed8ce75b9ad58872320e2418009f8 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@hackerone.com>
Date: Thu, 18 Oct 2018 09:36:01 -0700
Subject: [PATCH] Sanitize 2.1.1 includes this fix, as per
 https://github.com/rgrove/sanitize/issues/176#issuecomment-425751036

---
 gems/sanitize/CVE-2018-3740.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gems/sanitize/CVE-2018-3740.yml b/gems/sanitize/CVE-2018-3740.yml
index 5ca3c5451c..9bd22f4cd9 100644
--- a/gems/sanitize/CVE-2018-3740.yml
+++ b/gems/sanitize/CVE-2018-3740.yml
@@ -5,7 +5,7 @@ date: 2018-03-19
 url: https://github.com/rgrove/sanitize/issues/176
 title: HTML injection/XSS in Sanitize
 description: |
-  When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2,
+  When Sanitize gem is used in combination with libxml2 >= 2.9.2,
   a specially crafted HTML fragment can cause libxml2 to generate
   improperly escaped output, allowing non-whitelisted attributes to be
   used on whitelisted elements.
@@ -15,6 +15,7 @@ description: |
 unaffected_versions:
   - "< 1.1.0"
 patched_versions:
+  - "~> 2.1.1"
   - ">= 4.6.3"
 related:
   url: