Ubuntu Security Notice 4498-1 - It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks.
88d4e83dbb53e89c4500d9d0e93cd5f4caff49dfd2b7395e75e7ae1611a739c6