Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d0548e38 by Salvatore Bonaccorso at 2019-02-10T14:18:08Z Reference upstream commit for CVE-2018-11696 which was merged - - - - - 75b2d8df by Salvatore Bonaccorso at 2019-02-10T14:18:37Z Fix for CVE-2018-11696 was only included in 3.5.5-1 - - - - - ed0962bb by Salvatore Bonaccorso at 2019-02-10T14:19:15Z Update commit for CVE-2018-11697 The original approach via https://github.com/xzyfer/libsass/commit/024bb12511ce43fae8bb3737558f5cfe37a38a59 was withdrawn an later https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef commited. - - - - - 49b06ac7 by Salvatore Bonaccorso at 2019-02-10T14:19:50Z Update status for CVE-2018-11697 https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef is not yet included in src:libsass . - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -40115,15 +40115,15 @@ CVE-2018-11698 (An issue was discovered in LibSass through 3.5.4. An out-of-boun [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2662 CVE-2018-11697 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds read ...) - - libsass 3.5.4+20180621~c0a6cf3-1 + - libsass <unfixed> [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2656 - NOTE: https://github.com/xzyfer/libsass/commit/024bb12511ce43fae8bb3737558f5cfe37a38a59 + NOTE: https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef CVE-2018-11696 (An issue was discovered in LibSass through 3.5.4. A NULL pointer ...) - - libsass 3.5.4+20180621~c0a6cf3-1 + - libsass 3.5.5-1 [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2665 - NOTE: https://github.com/xzyfer/libsass/commit/0768c4a20fa3075d3b879c334f3fade13a763b08 + NOTE: https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4 CVE-2018-11695 (An issue was discovered in LibSass through 3.5.2. A NULL pointer ...) - libsass <unfixed> [stretch] - libsass <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4a961fce792554c6c01fc030777fcb633b46481e...49b06ac7994143fd3a9bafc43fedbdbe4be107e7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4a961fce792554c6c01fc030777fcb633b46481e...49b06ac7994143fd3a9bafc43fedbdbe4be107e7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
