Package: release.debian.org Severity: normal Tags: bullseye User: [email protected] Usertags: pu
[ Reason ] node-ansi-regex is vulnerable to a ReDoS (CVE-2021-3807) [ Impact ] Little vulnerability [ Tests ] Test passed (no change) [ Risks ] Low risk, patch is trivial [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Regex update. [ Other info ] I prefered to import new upstream release since change is exactly CVE fix. Cheers, Yadd
diff --git a/debian/changelog b/debian/changelog index 56d7a9c..c57aa87 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +node-ansi-regex (5.0.1-1~deb11u1) bullseye; urgency=medium + + * Team upload + * New upstream version 5.0.1 (Closes: CVE-2021-3807) + + -- Yadd <[email protected]> Wed, 22 Sep 2021 09:00:21 +0200 + node-ansi-regex (5.0.0-1) unstable; urgency=medium * Team upload diff --git a/debian/gbp.conf b/debian/gbp.conf index b713356..638e285 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,5 +1,6 @@ [DEFAULT] pristine-tar = True +debian-branch=bullseye [import-orig] filter = [ '.gitignore', '.travis.yml', '.git*' ] diff --git a/index.js b/index.js index 35054aa..616ff83 100644 --- a/index.js +++ b/index.js @@ -2,7 +2,7 @@ module.exports = ({onlyFirst = false} = {}) => { const pattern = [ - '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', + '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))' ].join('|'); diff --git a/package.json b/package.json index 7af801f..017f531 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ansi-regex", - "version": "5.0.0", + "version": "5.0.1", "description": "Regular expression for matching ANSI escape codes", "license": "MIT", "repository": "chalk/ansi-regex", diff --git a/readme.md b/readme.md index 3c2b77c..4d848bc 100644 --- a/readme.md +++ b/readme.md @@ -1,4 +1,4 @@ -# ansi-regex [](https://travis-ci.org/chalk/ansi-regex) +# ansi-regex > Regular expression for matching [ANSI escape > codes](https://en.wikipedia.org/wiki/ANSI_escape_code)
