Control: tags -1 + confirmed

On Thu, 2024-12-26 at 21:38 +0000, Bastien Roucariès wrote:
> Fix CVE-2023-44270 (Closes: #1053282)
> The vulnerability affects linters
> using PostCSS to parse external untrusted CSS.
> An attacker can prepare CSS in such a way that it will
> contain parts parsed by PostCSS as a CSS comment.
> After processing by PostCSS, it will be included in
> the PostCSS output in CSS nodes (rules, properties)
> despite being included in a comment.
> * Fix CVE-2024-55565:
> nanoid (aka Nano ID) a subcomponent of this package
> mishandles non-integer values that could lead to DoS
> by infinite loop.

Please go ahead.

Regards,

Adam