Package: node-css-what; Maintainer for node-css-what is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Source for node-css-what is src:node-css-what (PTS, buildd, popcon).
Reported by: Bastien Roucariès <bastien.roucaries@cyu.fr>
Date: Wed, 1 Mar 2023 12:06:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in versions node-css-what/4.0.0-3, node-css-what/2.1.0-1
Fixed in version node-css-what/5.0.1-1
Done: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Reply or subscribe to this bug.
View this report as an mbox folder, status mbox, maintainer mbox
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
[0005-Final-ReDos-Fix.patch (text/x-patch, attachment)]
[0001-Partial-fix-of-reDos.patch (text/x-patch, attachment)]
[0002-Partial-fix-of-ReDos.patch (text/x-patch, attachment)]
[0003-Partial-Fix-of-ReDos.patch (text/x-patch, attachment)]
[0004-Partial-ReDoS-fix.patch (text/x-patch, attachment)]
Reply sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
You have taken responsibility.
(Wed, 01 Mar 2023 13:27:03 GMT) (full text, mbox, link).
Message #10 received at 1032188-done@bugs.debian.org (full text, mbox, reply):
Marked as found in versions node-css-what/2.1.0-1.
Request was from roucaries.bastien@gmail.com
to control@bugs.debian.org
.
(Wed, 01 Mar 2023 13:45:07 GMT) (full text, mbox, link).
No longer marked as fixed in versions 5.0.1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 01 Mar 2023 13:57:12 GMT) (full text, mbox, link).
Marked as fixed in versions node-css-what/5.0.1-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 01 Mar 2023 13:57:13 GMT) (full text, mbox, link).
Added tag(s) upstream and fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 01 Mar 2023 13:57:14 GMT) (full text, mbox, link).
Changed Bug title to 'node-css-what: CVE-2022-21222' from 'node-css-what: CVE-2022-21222/CVE-2021-33587'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 01 Mar 2023 13:57:15 GMT) (full text, mbox, link).
Message #25 received at 1032188@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
[node-css-what_4.0.0-3+deb11u1.debdiff (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
Message #30 received at 1032188@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
[node-css-what_2.1.0-1+deb10u1.debdiff (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
Message #35 received at 1032188@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
[node-css-what_2.1.0-1+deb9u1.debdiff (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
Message #40 received at 1032188@bugs.debian.org (full text, mbox, reply):
Severity set to 'important' from 'serious'
Request was from Yadd <yadd@debian.org>
to control@bugs.debian.org
.
(Thu, 02 Mar 2023 02:51:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.