Format: 1.8
Date: Thu, 26 Dec 2024 21:13:18 +0000
Source: node-postcss
Architecture: source
Version: 8.4.20+~cs8.0.23-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Bastien Roucariès
Closes: 1053282
Changes:
 node-postcss (8.4.20+~cs8.0.23-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CVE-2023-44270 (Closes: #1053282)
     The vulnerability affects linters using PostCSS to parse
     external untrusted CSS. An attacker can prepare CSS in such
     a way that it will contain parts parsed by PostCSS as a CSS
     comment. After processing by PostCSS, it will be included in
     the PostCSS output in CSS nodes (rules, properties) despite
     being included in a comment.
   * Fix CVE-2024-55565: nanoid (aka Nano ID), a subcomponent of this
     package, mishandles non-integer values that could lead to DoS
     by infinite loop.