
Bug#1032299: bullseye-pu: package node-css-what/4.0.0-3



Control: tags -1 + confirmed

On Fri, 2023-03-03 at 08:57 +0000, Bastien Roucariès wrote:
> CVE-2022-21222/CVE-2021-33587 The package css-what before 2.1.3 are
> vulnerable to Regular Expression Denial of Service (ReDoS) due to the
> usage of insecure regular expression in the re_attr variable of
> index.js. The exploitation of this vulnerability could be triggered
> via the parse function.
> 

+node-css-what (4.0.0-3+deb11u1) bullseye-security; urgency=medium

The distribution needs to simply be "bullseye" for a stable upload.

With that change, please go ahead.

Regards,

Adam

