-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3350-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucaries March 03, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : node-css-what Version : 2.1.0-1 CVE ID : CVE-2022-21222 CVE-2021-33587 Debian Bug : #1032188 node-css-what was vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable. The exploitation of this vulnerability could be triggered via the parse function. For Debian 10 buster, this problem has been fixed in version 2.1.0-1+deb10u1. We recommend that you upgrade your node-css-what packages. For the detailed security status of node-css-what please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-css-what Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmQB0N8ACgkQADoaLapB CF8FvA//bGZ4RT18gB2zq0ntKGoSiglfyUFFWDvojByo3i+amPKHjNE4aE+KM5M/ igK5oKDx5YNhjXBi2B9mhO+vWv9vwlnLW3sYZPzLd7Yao2uE2PtKR3PD4YRgovrl 0sCKgNiZg6pC6cJHmlAiDf4cdQ7zkmCFXqsf7JVXWbhHlWl9RExacFyU1G5SrHha sG6vNjX6cZHOp2FN89n6BAzmaIos6PLaVJylLH6KxbthGmTHYOQHgh8Am9XZik52 88JMTAtWPn9lLVxTmOZvv+kzHr1SgY5/+V5vK3W6egRDQ+7lf5rp08MLa0oVqSXm zEu/IlRsiarb6wHoe3o+et//R5OTqy1jz03DG6kXEKbUsQk9yAOdh7ENmOfy2a79 sbVUKwIknB5eLxmVaLoQ6EtfrXvEv0RLbTKqDdPg4+i8RK1V0ScDSGooYb/t0ZeI buKCN5nSqAz7cU0SKywPUb1w5l+97U8nB9dFsQusEyUETJhO2Gq7kEqA4fLcgwBl RLGyKvUvK47O9VP9YD9xqkuWSmaLZHJ8x5aZ7dtQu27CL7Q/w26P1V//wDEknZ5H VgG4eCGBq3mll5RgTVAKxZb/851L1Sg/u6c8aCXuqdmIr2hB10vTqAazEc8VQl2p iZSPdQS6CAjG3AaL5oyyqlKMSm+CEkN0BUwc0TEX40Yd0va3dB0= =OzxV -----END PGP SIGNATURE-----
