Format: 1.8
Date: Thu, 26 Dec 2024 21:13:18 +0000
Source: node-postcss
Binary: node-postcss
Architecture: all
Version: 8.4.20+~cs8.0.23-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Bastien Roucariès
Description:
 node-postcss - Tool for transforming styles with JS plugins
Closes: 1053282
Changes:
 node-postcss (8.4.20+~cs8.0.23-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CVE-2023-44270 (Closes: #1053282)
     The vulnerability affects linters using PostCSS to parse external
     untrusted CSS. An attacker can prepare CSS in such a way that it will
     contain parts parsed by PostCSS as a CSS comment. After processing by
     PostCSS, it will be included in the PostCSS output in CSS nodes
     (rules, properties) despite being included in a comment.
   * Fix CVE-2024-55565: nanoid (aka Nano ID) a subcomponent of this
     package mishandles non-integer values that could lead to DoS by
     infinite loop.
Checksums-Sha1:
 73c0bc2f1117f1463ce13f582b0841fd7a463e30 9198 node-postcss_8.4.20+~cs8.0.23-1+deb12u1_all-buildd.buildinfo
 6246105a98da4812984c3f7eb4d203479633d558 180596 node-postcss_8.4.20+~cs8.0.23-1+deb12u1_all.deb
Checksums-Sha256:
 3c3e9316eb558ca49a19031cb7e66a21512183260a13a87c77f43029b9a4902f 9198 node-postcss_8.4.20+~cs8.0.23-1+deb12u1_all-buildd.buildinfo
 333cf293225bd4c199207ea0ded9219ef9aad65584bd3e2895efc1782cd9d6d3 180596 node-postcss_8.4.20+~cs8.0.23-1+deb12u1_all.deb
Files:
 83b68907f5a0565937728da6cd1ad46d 9198 javascript optional node-postcss_8.4.20+~cs8.0.23-1+deb12u1_all-buildd.buildinfo
 75d56184ff8a4554bc8e4dd9fc9af9bb 180596 javascript optional node-postcss_8.4.20+~cs8.0.23-1+deb12u1_all.deb