Hello community,

here is the log from the commit of package libsass for openSUSE:Factory checked in at 2019-07-16 08:39:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsass (Old)
 and      /work/SRC/openSUSE:Factory/.libsass.new.1887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsass" Tue Jul 16 08:39:06 2019 rev:10 rq:714781 version:3.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/libsass/libsass.changes 2018-04-26 13:22:24.858402621 +0200 +++ /work/SRC/openSUSE:Factory/.libsass.new.1887/libsass.changes 2019-07-16 08:39:07.427061902 +0200 @@ -1,0 +2,30 @@ +Fri Jul 12 07:10:58 UTC 2019 - Cédric Bosdonnat <[email protected]> + +- Update version to 3.6.1: + + * Fix use-after-free vulnerability in sass_context.cpp:handle_error + bsc#1096894, CVE-2018-11499 + * Disallow parent selector in selector_fns arguments + bsc#1118301, CVE-2018-19797 + * Fix use-after-free vulnerability exists in the SharedPtr class + bsc#1118346, CVE-2018-19827 + * Fix stack-overflow in Eval::operator() + bsc#1118348, CVE-2018-19837 + * Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion + bsc#1118349, CVE-2018-19838 + * Fix buffer-overflow (OOB read) against some invalid input + bsc#1118351, CVE-2018-19839 + * Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) + bsc#1119789, CVE-2018-20190 + * Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) + bsc#1121943, CVE-2019-6283 + * Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives + bsc#1121944, CVE-2019-6284 + * Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes + bsc#1121945, CVE-2019-6286 + * Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value + bsc#1133200, CVE-2018-20821 + * Fix stack-overflow at Sass::Inspect::operator() + bsc#1133201, CVE-2018-20822 + +------------------------------------------------------------------- Old: ---- libsass-3.5.3.tar.gz New: ---- libsass-3.6.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsass.spec ++++++ --- /var/tmp/diff_new_pack.yMz2kr/_old 2019-07-16 08:39:07.911061659 +0200 +++ /var/tmp/diff_new_pack.yMz2kr/_new 2019-07-16 08:39:07.911061659 +0200 
@@ -1,7 +1,7 @@ # # spec file for package libsass # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define libname libsass-3_5_3-1 +%define libname libsass-3_6_1-1 Name: libsass -Version: 3.5.3 +Version: 3.6.1 Release: 0 Summary: Compiler library for A CSS preprocessor language License: MIT ++++++ libsass-3.5.3.tar.gz -> libsass-3.6.1.tar.gz ++++++ ++++ 30157 lines of diff (skipped)
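Review bot: In the libsass.changes hunk the symbol names are written inconsistently, which makes the entry hard to search by function: three bullets use single colons (Sass:Prelexer:alternatives, Sass:Prelexer:skip_over_scopes, Sass:Parser:parse_css_variable_value) while the others use Sass::, and several bullets carry a leftover "exists" from the CVE description text ("Fix use-after-free vulnerability exists in the SharedPtr class"). Suggest normalising these to the Sass:: form and dropping "exists". The entry also presents a 3.5.3 to 3.6.1 bump as a list of CVE fixes only; one line stating that this is a new upstream release and that the library package name changes with it would help anyone mapping an installed version to the bsc# numbers.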
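Review bot: In the second libsass.spec hunk the version is edited by hand in two places, "%define libname libsass-3_6_1-1" and "Version: 3.6.1", so a later bump that touches only one of them leaves the two out of step. Consider deriving libname from the version, or adding a comment next to the %define saying it must follow Version. If libname is the name of the shared-library subpackage, as its form suggests, the rename from libsass-3_5_3-1 means packages built against the old name have to be rebuilt to pick up the twelve CVE fixes, and the changelog should say so. While this block is being touched, the unchanged Summary line "Compiler library for A CSS preprocessor language" has a stray capital "A".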
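Review bot: The tarball replacement (libsass-3.5.3.tar.gz -> libsass-3.6.1.tar.gz) appears only as "30157 lines of diff (skipped)", so none of the fixes claimed in the changelog can be checked from this message, and nothing in the visible hunks ties the new tarball to the upstream release (no checksum or signature line appears in the diff). Suggest recording how the tarball was obtained and verified, so the security claims in libsass.changes can be traced to the source that was actually packaged.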
