-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Dec 2024 21:48:59 +0000
Source: node-postcss
Architecture: source
Version: 8.2.1+~cs5.3.23-8+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1053282
Changes:
 node-postcss (8.2.1+~cs5.3.23-8+deb11u1) bullseye-security; urgency=medium
 .
   * Team upload
   * Fix CVE-2021-23566: Nanoid was vulnerable to
     Information Exposure via the valueOf() function, which
     allows reproducing the last id generated.
   * Fix CVE-2023-44270 (Closes: #1053282)
     The vulnerability affects linters using PostCSS to parse
     external untrusted CSS. An attacker can prepare CSS in
     such a way that it will contain parts parsed by PostCSS as
     a CSS comment. After processing by PostCSS, it will be
     included in the PostCSS output in CSS nodes (rules, properties)
     despite being included in a comment.
   * Fix CVE-2024-55565: nanoid (aka Nano ID), a subcomponent of this
     package, mishandles non-integer values that could lead to DoS
     by infinite loop.