Version in base suite: 1.19.0-1 Base version: ruby-css-parser_1.19.0-1 Target version: ruby-css-parser_1.19.0-1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/r/ruby-css-parser/ruby-css-parser_1.19.0-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/r/ruby-css-parser/ruby-css-parser_1.19.0-1+deb13u1.dsc changelog | 8 ++++++++ patches/CVE-2026-44312.patch | 22 ++++++++++++++++++++++ patches/series | 1 + 3 files changed, 31 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp0vxq2hhf/ruby-css-parser_1.19.0-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp0vxq2hhf/ruby-css-parser_1.19.0-1+deb13u1.dsc: no acceptable signature found
diff -Nru ruby-css-parser-1.19.0/debian/changelog ruby-css-parser-1.19.0/debian/changelog
--- ruby-css-parser-1.19.0/debian/changelog 2024-09-25 19:13:12.000000000 +0000
+++ ruby-css-parser-1.19.0/debian/changelog 2026-06-06 00:23:34.000000000 +0000
@@ -1,3 +1,11 @@
+ruby-css-parser (1.19.0-1+deb13u1) trixie; urgency=medium
+
+ * Team upload.
+ * Import upstream patch to stop disabling HTTPS certificate verification
+ when loading remote CSS. (CVE-2026-44312)
+
+ -- Aquila Macedo Costa Fri, 05 Jun 2026 21:23:34 -0300
+
 ruby-css-parser (1.19.0-1) unstable; urgency=medium
 
 * New upstream version 1.19.0
diff -Nru ruby-css-parser-1.19.0/debian/patches/CVE-2026-44312.patch ruby-css-parser-1.19.0/debian/patches/CVE-2026-44312.patch
--- ruby-css-parser-1.19.0/debian/patches/CVE-2026-44312.patch 1970-01-01 00:00:00.000000000 +0000
+++ ruby-css-parser-1.19.0/debian/patches/CVE-2026-44312.patch 2026-06-06 00:23:34.000000000 +0000
@@ -0,0 +1,22 @@
+From e0c95d5abe91b237becb90ff316531a6547ada18 Mon Sep 17 00:00:00 2001
+From: Michael Grosser
+Date: Mon, 27 Apr 2026 17:10:14 -0700
+Subject: [PATCH] Merge pull request #186 from premailer/grosser/https
+
+verify ssl when loading files over https
+---
+ lib/css_parser/parser.rb | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/lib/css_parser/parser.rb b/lib/css_parser/parser.rb
+index 11dd36f..e8d8dcb 100644
+--- a/lib/css_parser/parser.rb
++++ b/lib/css_parser/parser.rb
+@@ -646,7 +646,6 @@ module CssParser
+ uri.port = 443 unless uri.port
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true
+- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ else
+ http = Net::HTTP.new(uri.host, uri.port)
+ end
diff -Nru ruby-css-parser-1.19.0/debian/patches/series ruby-css-parser-1.19.0/debian/patches/series
--- ruby-css-parser-1.19.0/debian/patches/series 2024-09-25 19:13:12.000000000 +0000
+++ ruby-css-parser-1.19.0/debian/patches/series 2026-06-06 00:23:34.000000000 +0000
@@ -1,2 +1,3 @@
 0001-Sanitize-test-suite.patch
 0002-Disable-tests-that-hit-the-network.patch
+CVE-2026-44312.patch
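Review bot: In the embedded hunk for lib/css_parser/parser.rb, the HTTPS branch now relies on Net::HTTP's implicit default for peer verification once the `VERIFY_NONE` line is removed; stating it explicitly with `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` directly after `http.use_ssl = true` would keep the intent visible and guard against a later refactor reintroducing the weakness. Remote stylesheets served with self-signed, expired or mismatched certificates will now fail the TLS handshake, so it is worth confirming that the enclosing method, which starts and ends outside this hunk, reports that failure to the caller rather than treating it as an empty stylesheet. The `else` branch still fetches over plain HTTP with no integrity protection, which this change does not alter. No regression test accompanies the fix, and since `0002-Disable-tests-that-hit-the-network.patch` is in the series, a test would presumably need a local TLS stub.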