From 599fa9d451a2494354d71a463210e7d8ed9a02a4f9795d7d4aab5f2d736e7107 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Fri, 12 Jul 2019 07:43:57 +0000 Subject: [PATCH] Accepting request 714780 from home:cbosdonnat:branches:devel:libraries:c_c++ - Update version to 3.6.1: * Fix use-after-free vulnerability in sass_context.cpp:handle_error bsc#1096894, CVE-2018-11499 * Disallow parent selector in selector_fns arguments bsc#1118301, CVE-2018-19797 * Fix use-after-free vulnerability exists in the SharedPtr class bsc#1118346, CVE-2018-19827 * Fix stack-overflow in Eval::operator() bsc#1118348, CVE-2018-19837 * Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion bsc#1118349, CVE-2018-19838 * Fix buffer-overflow (OOB read) against some invalid input bsc#1118351, CVE-2018-19839 * Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) bsc#1119789, CVE-2018-20190 * Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) bsc#1121943, CVE-2019-6283 * Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives bsc#1121944, CVE-2019-6284 * Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes bsc#1121945, CVE-2019-6286 * Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value bsc#1133200, CVE-2018-20821 * Fix stack-overflow at Sass::Inspect::operator() bsc#1133201, CVE-2018-20822 OBS-URL: https://build.opensuse.org/request/show/714780 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libsass?expand=0&rev=22 --- libsass-3.5.3.tar.gz | 3 --- libsass-3.6.1.tar.gz | 3 +++ libsass.changes | 30 ++++++++++++++++++++++++++++++ libsass.spec | 8 ++++---- 4 files changed, 37 insertions(+), 7 deletions(-) delete mode 100644 libsass-3.5.3.tar.gz create mode 100644 libsass-3.6.1.tar.gz diff --git a/libsass-3.5.3.tar.gz b/libsass-3.5.3.tar.gz deleted file mode 100644 index 6c84adf..0000000 --- a/libsass-3.5.3.tar.gz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f19fd5ce1c4209b9f3e2f6764e1e6c40194bf2e854865341f3c94d0d95c0cdd1 -size 327866 diff --git a/libsass-3.6.1.tar.gz b/libsass-3.6.1.tar.gz new file mode 100644 index 0000000..ddf468a --- /dev/null +++ b/libsass-3.6.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:18d6e866ba2430cccae2551f384aca253a84592c692ce7146550f1d4f273b7d7 +size 333609 diff --git a/libsass.changes b/libsass.changes index 0b9b6c5..b81a96d 100644 --- a/libsass.changes +++ b/libsass.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Fri Jul 12 07:10:58 UTC 2019 - Cédric Bosdonnat + +- Update version to 3.6.1: + + * Fix use-after-free vulnerability in sass_context.cpp:handle_error + bsc#1096894, CVE-2018-11499 + * Disallow parent selector in selector_fns arguments + bsc#1118301, CVE-2018-19797 + * Fix use-after-free vulnerability exists in the SharedPtr class + bsc#1118346, CVE-2018-19827 + * Fix stack-overflow in Eval::operator() + bsc#1118348, CVE-2018-19837 + * Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion + bsc#1118349, CVE-2018-19838 + * Fix buffer-overflow (OOB read) against some invalid input + bsc#1118351, CVE-2018-19839 + * Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) + bsc#1119789, CVE-2018-20190 + * Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) + bsc#1121943, CVE-2019-6283 + * Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives + bsc#1121944, CVE-2019-6284 + * Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes + bsc#1121945, CVE-2019-6286 + * Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value + bsc#1133200, CVE-2018-20821 + * Fix stack-overflow at Sass::Inspect::operator() + bsc#1133201, CVE-2018-20822 + ------------------------------------------------------------------- Mon Apr 23 18:57:47 UTC 2018 - gutaper@gmail.com 
diff --git a/libsass.spec b/libsass.spec index f5c080a..cf5ffe8 100644 --- a/libsass.spec +++ b/libsass.spec @@ -1,7 +1,7 @@ # # spec file for package libsass # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define libname libsass-3_5_3-1 +%define libname libsass-3_6_1-1 Name: libsass -Version: 3.5.3 +Version: 3.6.1 Release: 0 Summary: Compiler library for A CSS preprocessor language License: MIT
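Review bot: In the libsass-3.6.1.tar.gz hunk, the Git LFS pointer (oid sha256:18d6e866ba2430cccae2551f384aca253a84592c692ce7146550f1d4f273b7d7, size 333609) is the only statement this patch makes about the contents of the replacement source archive, and nothing in the visible lines says where the archive came from. Since the purpose of the update is to pick up security fixes, confirm that this digest matches the upstream 3.6.1 release archive and record in the request how it was obtained.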
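Review bot: In the libsass.changes hunk, the new entry names affected symbols inconsistently: "Sass:Prelexer:alternatives", "Sass:Prelexer:skip_over_scopes" and "Sass:Parser:parse_css_variable_value" use single colons, while "Sass::Prelexer::parenthese_scope" and "Sass::Inspect::operator()" use the C++ scope operator. Use "::" throughout so the names can be searched for in the source, and drop the leftover "exists" in "Fix use-after-free vulnerability exists in" and "Fix heap-based buffer over-read exists in". The entry also lists only CVE fixes for a jump from 3.5.3 to 3.6.1; if the update brings other changes, add a line saying so.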
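Review bot: In the second libsass.spec hunk, "%define libname libsass-3_6_1-1" is edited by hand alongside "Version: 3.6.1", so the two values have to be kept in sync manually on every update and can drift apart. Either derive both from a single version macro or add a comment next to libname stating that it must change with Version. The library package name also changes from libsass-3_5_3-1 to libsass-3_6_1-1, which the changes entry does not mention; note it there so maintainers of dependent packages know to rebuild against the new name.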