[SECURITY] [DLA 3350-1] node-css-what security update



- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3350-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucaries           
March 03, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-css-what
Version        : 2.1.0-1
CVE ID         : CVE-2022-21222 CVE-2021-33587
Debian Bug     : #1032188

node-css-what was vulnerable to Regular Expression Denial of Service
(ReDoS) due to the use of an insecure regular expression in the
re_attr variable.
This vulnerability could be triggered via the parse function.

For Debian 10 buster, this problem has been fixed in version
2.1.0-1+deb10u1.

We recommend that you upgrade your node-css-what packages.

For the detailed security status of node-css-what please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-css-what

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS