node-css-loader - Debian Package Tracker

general

source: node-css-loader (main)
version: 6.8.1+~cs14.0.17-2
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Pirate Praveen [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.0.1+~cs14.0.5-1
oldstable: 6.7.2+~cs14.0.11-1
stable: 6.8.1+~cs14.0.17-1
testing: 6.8.1+~cs14.0.17-2
unstable: 6.8.1+~cs14.0.17-2

versioned links

5.0.1+~cs14.0.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.7.2+~cs14.0.11-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.8.1+~cs14.0.17-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.8.1+~cs14.0.17-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

node-css-loader (1 bugs: 0, 0, 1, 0)

action needed

A new upstream version is available: 7.1.4+~cs14.5.6 high

A new upstream version 7.1.4+~cs14.5.6 is available, you should consider packaging it.

Created: 2025-11-27 Last update: 2026-06-17 02:31

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-9358: A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 6.1.3 and 7.1.3 is able to address this issue. This patch is called 5bc698cef66f8abd12610dc623e5d67cbc0f869d. It is suggested to upgrade the affected component. The vendor explains, that according to his definition "DoS on server-side on user-generated CSS is low risk for us (since most users compile own CSS with PostCSS)." The commits were backported to 6.x branch, which was the most downloaded version.

Created: 2026-06-05 Last update: 2026-06-16 05:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-9358: A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 6.1.3 and 7.1.3 is able to address this issue. This patch is called 5bc698cef66f8abd12610dc623e5d67cbc0f869d. It is suggested to upgrade the affected component. The vendor explains, that according to his definition "DoS on server-side on user-generated CSS is low risk for us (since most users compile own CSS with PostCSS)." The commits were backported to 6.x branch, which was the most downloaded version.

Created: 2026-06-05 Last update: 2026-06-16 05:30

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-9358: (needs triaging) A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 6.1.3 and 7.1.3 is able to address this issue. This patch is called 5bc698cef66f8abd12610dc623e5d67cbc0f869d. It is suggested to upgrade the affected component. The vendor explains, that according to his definition "DoS on server-side on user-generated CSS is low risk for us (since most users compile own CSS with PostCSS)." The commits were backported to 6.x branch, which was the most downloaded version.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-05 Last update: 2026-06-16 05:30

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-9358: (needs triaging) A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 6.1.3 and 7.1.3 is able to address this issue. This patch is called 5bc698cef66f8abd12610dc623e5d67cbc0f869d. It is suggested to upgrade the affected component. The vendor explains, that according to his definition "DoS on server-side on user-generated CSS is low risk for us (since most users compile own CSS with PostCSS)." The commits were backported to 6.x branch, which was the most downloaded version.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-05 Last update: 2026-06-16 05:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01

news

[rss feed]

[2026-01-07] node-css-loader 6.8.1+~cs14.0.17-2 MIGRATED to testing (Debian testing watch)
[2026-01-05] Accepted node-css-loader 6.8.1+~cs14.0.17-2 (source) into unstable (Santiago Vila)
[2023-10-15] node-css-loader 6.8.1+~cs14.0.17-1 MIGRATED to testing (Debian testing watch)
[2023-10-12] Accepted node-css-loader 6.8.1+~cs14.0.17-1 (source) into unstable (Ananthu C V) (signed by: Xavier Guimard)
[2022-12-05] node-css-loader 6.7.2+~cs14.0.11-1 MIGRATED to testing (Debian testing watch)
[2022-11-20] Accepted node-css-loader 6.7.2+~cs14.0.11-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-01-10] Accepted node-css-loader 5.2.7+~cs14.0.9-1 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2021-07-02] Accepted node-css-loader 5.0.1+~cs14.0.5-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-01-21] Accepted node-css-loader 5.0.1+~cs14.0.5-1~bpo10+1 (source all) into buster-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-01-17] node-css-loader 5.0.1+~cs14.0.5-1 MIGRATED to testing (Debian testing watch)
[2020-12-26] Accepted node-css-loader 5.0.1+~cs14.0.5-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-24] Accepted node-css-loader 5.0.1+~cs12.2.8-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-22] node-css-loader 4.3.0+~cs17.2.8-2 MIGRATED to testing (Debian testing watch)
[2020-12-20] Accepted node-css-loader 5.0.1+~cs12.2.8-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-20] Accepted node-css-loader 4.3.0+~cs17.2.8-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-19] Accepted node-css-loader 4.3.0+~cs17.2.8-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-19] Accepted node-css-loader 3.2.1+~cs21.3.8.1-3 (source) into unstable (Xavier Guimard) (signed by: Praveen Arimbrathodiyil)
[2020-12-09] Accepted node-css-loader 3.2.1+~cs21.3.8.1-2~bpo10+1 (source all) into buster-backports (Sruthi Chandran)
[2020-12-09] node-css-loader 3.2.1+~cs21.3.8.1-2 MIGRATED to testing (Debian testing watch)
[2020-12-06] Accepted node-css-loader 3.2.1+~cs21.3.8.1-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-05] Accepted node-css-loader 3.2.1+~cs21.3.8.1-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-04] Accepted node-css-loader 3.2.1+~cs14.0.5-3 (source) into unstable (Xavier Guimard)
[2020-11-25] node-css-loader 3.2.1+~cs14.0.5-2 MIGRATED to testing (Debian testing watch)
[2020-11-19] Accepted node-css-loader 3.2.1+~cs14.0.5-2 (source) into unstable (Xavier Guimard)
[2020-11-18] Accepted node-css-loader 3.2.1+~cs14.0.5-1 (source) into experimental (Xavier Guimard)
[2020-10-25] node-css-loader 3.2.1-1 MIGRATED to testing (Debian testing watch)
[2020-10-25] node-css-loader 3.2.1-1 MIGRATED to testing (Debian testing watch)
[2020-10-19] Accepted node-css-loader 3.2.1-1 (source) into unstable (Xavier Guimard)
[2020-06-04] Accepted node-css-loader 2.1.1-1~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2020-05-21] node-css-loader 2.1.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.8.1+~cs14.0.17-2