[SECURITY] [DLA 3350-1] node-css-what security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3350-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucaries
March 03, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : node-css-what
Version : 2.1.0-1
CVE ID : CVE-2022-21222 CVE-2021-33587
Debian Bug : #1032188
node-css-what was vulnerable to Regular Expression Denial of Service
(ReDoS) due to the usage of insecure regular expression in the
re_attr variable.
The exploitation of this vulnerability could be triggered
via the parse function.
For Debian 10 buster, this problem has been fixed in version
2.1.0-1+deb10u1.
We recommend that you upgrade your node-css-what packages.
For the detailed security status of node-css-what please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-css-what
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmQB0N8ACgkQADoaLapB
CF8FvA//bGZ4RT18gB2zq0ntKGoSiglfyUFFWDvojByo3i+amPKHjNE4aE+KM5M/
igK5oKDx5YNhjXBi2B9mhO+vWv9vwlnLW3sYZPzLd7Yao2uE2PtKR3PD4YRgovrl
0sCKgNiZg6pC6cJHmlAiDf4cdQ7zkmCFXqsf7JVXWbhHlWl9RExacFyU1G5SrHha
sG6vNjX6cZHOp2FN89n6BAzmaIos6PLaVJylLH6KxbthGmTHYOQHgh8Am9XZik52
88JMTAtWPn9lLVxTmOZvv+kzHr1SgY5/+V5vK3W6egRDQ+7lf5rp08MLa0oVqSXm
zEu/IlRsiarb6wHoe3o+et//R5OTqy1jz03DG6kXEKbUsQk9yAOdh7ENmOfy2a79
sbVUKwIknB5eLxmVaLoQ6EtfrXvEv0RLbTKqDdPg4+i8RK1V0ScDSGooYb/t0ZeI
buKCN5nSqAz7cU0SKywPUb1w5l+97U8nB9dFsQusEyUETJhO2Gq7kEqA4fLcgwBl
RLGyKvUvK47O9VP9YD9xqkuWSmaLZHJ8x5aZ7dtQu27CL7Q/w26P1V//wDEknZ5H
VgG4eCGBq3mll5RgTVAKxZb/851L1Sg/u6c8aCXuqdmIr2hB10vTqAazEc8VQl2p
iZSPdQS6CAjG3AaL5oyyqlKMSm+CEkN0BUwc0TEX40Yd0va3dB0=
=OzxV
-----END PGP SIGNATURE-----
Reply to: