Your message dated Tue, 17 Oct 2023 15:04:11 +0000 with message-id <e1qslcb-00brxj...@fasolo.debian.org> and subject line Bug#1053282: fixed in node-postcss 8.4.31+~cs8.0.26-1 has caused the Debian Bug report #1053282, regarding node-postcss: CVE-2023-44270 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1053282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053282 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: node-postcss Version: 8.4.20+~cs8.0.23-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for node-postcss. CVE-2023-44270[0]: | An issue was discovered in PostCSS before 8.4.31. It affects linters | using PostCSS to parse external Cascading Style Sheets (CSS). There | may be \r discrepancies, as demonstrated by @font-face{ | font:(\r/*);} in a rule. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-44270 https://www.cve.org/CVERecord?id=CVE-2023-44270 [1] https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: node-postcss Source-Version: 8.4.31+~cs8.0.26-1 Done: Yadd <y...@debian.org> We believe that the bug you reported is fixed in the latest version of node-postcss, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1053...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd <y...@debian.org> (supplier of updated node-postcss package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 17 Oct 2023 18:47:34 +0400 Source: node-postcss Architecture: source Version: 8.4.31+~cs8.0.26-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org> Changed-By: Yadd <y...@debian.org> Closes: 1053282 Changes: node-postcss (8.4.31+~cs8.0.26-1) unstable; urgency=medium . * Team upload * Update standards version to 4.6.2, no changes needed. * New upstream version 8.4.31+~cs8.0.26 (Closes: #1053282, CVE-2023-44270) * Unfuzz patch Checksums-Sha1: d07c5c27b867ffbe4a07012ffb58875816eb6f64 3665 node-postcss_8.4.31+~cs8.0.26-1.dsc 0346499a55c296d7688376bef0262d53a5dc6867 7187 node-postcss_8.4.31+~cs8.0.26.orig-colorette.tar.gz 0c92367ac5b409966ae436fd00831d5fff7fa901 12831 node-postcss_8.4.31+~cs8.0.26.orig-line-column.tar.gz 2cf58a5767b9fd78470acfde9d8112ac09bc5ae7 89700 node-postcss_8.4.31+~cs8.0.26.orig-nanoid.tar.gz 510cbbed6594b6124563419b135ab1704d98d9af 238388 node-postcss_8.4.31+~cs8.0.26.orig-source-map-js.tar.gz afb79f2d1eb82e7a4b539af8b3b50d03968d09cd 168532 node-postcss_8.4.31+~cs8.0.26.orig.tar.gz 29df52203ac2274c228f8bb60306bd6427f3c5f6 17204 node-postcss_8.4.31+~cs8.0.26-1.debian.tar.xz Checksums-Sha256: a8c7f56d255367f45a6245949a63d64e19910a8d654841bc5ae41658d9db0506 3665 node-postcss_8.4.31+~cs8.0.26-1.dsc c581e8619b18429b80b203706d3615adb69f524dc6244297600d6cf2f7d48f08 7187 node-postcss_8.4.31+~cs8.0.26.orig-colorette.tar.gz 6a4ffcb53a9af2ff0649b9c005a9815148fb4227350421f408604b14a917937b 12831 node-postcss_8.4.31+~cs8.0.26.orig-line-column.tar.gz 134d30fa5a7d3161808e3d20f037c64e6754f26a70b635c7259e939c1f15daac 89700 node-postcss_8.4.31+~cs8.0.26.orig-nanoid.tar.gz a2c22d4685b76aa494dcb72e0655c54e74f1d42a37734ffe7971a00a9f5ab002 238388 node-postcss_8.4.31+~cs8.0.26.orig-source-map-js.tar.gz 3fe8aa24df15ea2cdf2247d71e9e84d55948939f1f738f22175b087ca69fb4f8 168532 node-postcss_8.4.31+~cs8.0.26.orig.tar.gz abacf017dce47b35b2bc9505aef7ce26d4ca352b84378c6cda87d9bef11cc370 17204 node-postcss_8.4.31+~cs8.0.26-1.debian.tar.xz Files: 99056f038cb34bb9a6139c16c13ab978 3665 javascript optional node-postcss_8.4.31+~cs8.0.26-1.dsc dcae0cde17a57f12d386a6b553b0ce3d 7187 javascript optional node-postcss_8.4.31+~cs8.0.26.orig-colorette.tar.gz 35d124028e8c3a2f5ebeddff6aebe804 12831 javascript optional node-postcss_8.4.31+~cs8.0.26.orig-line-column.tar.gz 2cf4637101853e7b19b42b754c3f42dc 89700 javascript optional node-postcss_8.4.31+~cs8.0.26.orig-nanoid.tar.gz b7bd1306a462107d28514afe6ca26450 238388 javascript optional node-postcss_8.4.31+~cs8.0.26.orig-source-map-js.tar.gz 5c4532b48b904df7f8f0727a9b2d973e 168532 javascript optional node-postcss_8.4.31+~cs8.0.26.orig.tar.gz e96374f6cab0921d107818d0286d5479 17204 javascript optional node-postcss_8.4.31+~cs8.0.26-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmUunsIACgkQ9tdMp8mZ 7umMMQ//QQTkBWC9F3cBNGNoJttjrs5xTVMSNpSF/1ExkyrNgvUkM5XVjLPYaQGK 7hOpIBCV2rEjleJDjp4zZ16I2cD1V/+x+J7X6Mvs8L9eosz5lPBwny8eSC99fwoN 2cAxwRVnoE9VkeF9HR108KsWxjdb6MsneR4G6dsFZa7YlNUcwHWxpHhmAxfERerW tw8K+nRvZ4us0czlK4BNeUHLsqSeDwiVbxr2devF8+E9pLng2S/dbK/yQ464l2Yd 9m1DP8wAjlsLy4rApzpT7V6CSCNykhbxGF3XvjMw0Hh5gp7AEv5lJPTitA6kGsNu +sqpaW6qpCItVvNOmwldm4sLadoDGyv1E+pDYglWUVwioBK/ikWxCNmoDMujM0eS UbY7KLJhTnflJtsOGBC93i5onrPQ1fONqGmsId8ef35wBW4Ky5JFBG8Jy6R4hA3l 5OJ88rW69FNw/Ob04WjAieJDlo//EQQbDJDFhQgUMUvxIVEJob62XjNeHhTk/TYi o7SOo6fygQfXN0hQMzdKIBcmjvxY1OTXTZyuTh3NYAzaJVf8JnoCBBR1ZLRBiYqE PNWKt+Ne2ap3jv+4PDBJZ3AP3IhqOjhLN07FA6BP0kl1IiOnW8+RT/6GgjETbN0Z ksvPicBPr9dpV7cX/4VqkS0APKBlYWqcQYfyZQ5KQ5qpWN4XpY0= =ocOT -----END PGP SIGNATURE-----
--- End Message ---
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
