Your message dated Tue, 06 Sep 2022 04:33:50 +0000
with message-id <e1ovqhw-00cbzn...@fasolo.debian.org>
and subject line Bug#1019219: fixed in node-sanitize-html 2.7.1+~2.6.2-1
has caused the Debian Bug report #1019219,
regarding node-sanitize-html: CVE-2022-25887
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1019219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-sanitize-html
Version: 2.7.0+~2.6.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-sanitize-html.
CVE-2022-25887[0]:
| The package sanitize-html before 2.7.1 is vulnerable to Regular
| Expression Denial of Service (ReDoS) due to insecure global regular
| expression replacement logic of HTML comment removal.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-25887
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25887
[1] https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c
[2] https://github.com/apostrophecms/sanitize-html/pull/557
[3] https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-sanitize-html
Source-Version: 2.7.1+~2.6.2-1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-sanitize-html, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1019...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-sanitize-html package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Sep 2022 06:12:56 +0200
Source: node-sanitize-html
Built-For-Profiles: nocheck
Architecture: source
Version: 2.7.1+~2.6.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1019219
Changes:
node-sanitize-html (2.7.1+~2.6.2-1) unstable; urgency=medium
.
* Team upload
* Update standards version to 4.6.1, no changes needed.
* New upstream version (Closes: #1019219, CVE-2022-25887)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel