I dug into the LTO for this package - it was fixed in a later package
update after impish:

libsass (3.6.5+20231221-1) experimental; urgency=high

  [ upstream ]
  * new development snapshot
    + fix most urgent issues in 2023;
      closes: bug#1051893, #1051894, #1051895;
      CVE-2022-26592 CVE-2022-43357 CVE-2022-43358

  [ Jonas Smedegaard ]
  * update copyright info: update coverage
  * set urgency=high due to security bugfixes
  * enable link-time optimization;
    closes: bug#1015519, thanks to Matthias Klose

 -- Jonas Smedegaard <[email protected]>  Thu, 21 Dec 2023 19:57:09 +0100

so the package is in fact LTO enabled, despite being present in the
global lto-disabled-list package.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26592
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-43357
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-43358
--
https://bugs.launchpad.net/bugs/2095582
Title:
[MIR] libsass