[Pkg-javascript-devel] node-css-what_4.0.0-3+deb11u1_sourceonly.changes ACCEPTED into oldstable-proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Jun 16 20:47:24 BST 2023
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 01 Mar 2023 13:47:23 +0000
Source: node-css-what
Architecture: source
Version: 4.0.0-3+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 989264 1032188
Changes:
node-css-what (4.0.0-3+deb11u1) bullseye; urgency=medium
.
* Team upload
* node-css-what was vulnerable to Regular Expression Denial of Service
(ReDoS) due to the usage of insecure regular expression in the
re_attr variable.
The exploitation of this vulnerability could be triggered
via the parse function.
Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
Checksums-Sha1:
ee1cda7e61aa937e78c920f00be1957ebf98cb4c 2098 node-css-what_4.0.0-3+deb11u1.dsc
a9cab0e5876e7e7eef3ccc012a8578b7bbb661e4 5040 node-css-what_4.0.0-3+deb11u1.debian.tar.xz
Checksums-Sha256:
0aba783de9d19aef86edd8cde33aa90a0e1f3f6a820fa2dc4d1f30d9a70e5f77 2098 node-css-what_4.0.0-3+deb11u1.dsc
63b4eab8283cdbef45d1df6f3613e67beb9fd7cd24b9e0ecd35875d10a6c140c 5040 node-css-what_4.0.0-3+deb11u1.debian.tar.xz
Files:
9d48180a034cb56ff4a934117e018dc4 2098 javascript optional node-css-what_4.0.0-3+deb11u1.dsc
4a615056e8221329037245a93480c9a5 5040 javascript optional node-css-what_4.0.0-3+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmR3GzoACgkQ9tdMp8mZ
7ulN4Q//by2Suhmprjf54NemJkkVErXxuX6W8Od6pTsUKXVMF3hcaBK52bDbAqhS
0bCcZO4NG/TUXpp5fD9dk7fa2h9lU5qajg9xOuPAz9uSLJWrcRH9VZ9baDIj77yf
NPcfsp6tJwY2/+i7+sA4O+SC+UlftBUPfI1EqDwUcWcZ4/lfbFCheTog6I87GPx2
S/PMEgWh9MqyT1RcyHxyIRjtrYRtPm2MyDKvB/LknOXNRpjIgbORy7SsoDa2PrQV
k/utGlmx8J2cW7GSzqjuL6qm9mUOWWIIHIuRygKV6ZJQVKkZa2AEFY2wKWELWAEk
oQJrktWncKKRbMKXC1JsDq3HSH0jDGRYInK9L75zGvwViYcp1zLYPo+YdePul9Rc
a6s/ppl2Uk64k+iLZt8hYAbb33cAQVA30qi/flt2OeSSN6l15mPF6LRaHjTppHZf
mw/GdZfcV39BPBqo6Wk9JWCAJ7svt8Hz/omIN4PCMwdXlpsOwaVMXTt9dR1uFYYR
+q3sk5C3zaVvcdOhRwqtXb65PFVtlKs53l1BwB9/4WX6dIPJrEi99kcYFQbETiG6
UBYKXyeLkGLeowacsP5uRGQzbU3PYMzalcnYrjP6kCS2ffBQywQM/pgrf001JE9s
t5ucBKD4N624n4+Nbg4g/xC8sVGAllxWeBldfQfoqaeK4JxAiXY=
=x2ti
-----END PGP SIGNATURE-----
More information about the Pkg-javascript-devel
mailing list