Accepting request 714781 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/714781 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsass?expand=0&rev=10
2019-07-16 06:39:06 +00:00 · 2019-07-16 06:39:06 +00:00 · 3d3c11c179
commit 3d3c11c179
parent 424b07184f 599fa9d451
4 changed files with 37 additions and 7 deletions
--- a/libsass-3.5.3.tar.gz
+++ b/libsass-3.5.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f19fd5ce1c4209b9f3e2f6764e1e6c40194bf2e854865341f3c94d0d95c0cdd1
-size 327866
--- a/libsass-3.6.1.tar.gz
+++ b/libsass-3.6.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:18d6e866ba2430cccae2551f384aca253a84592c692ce7146550f1d4f273b7d7
+size 333609
--- a/libsass.changes
+++ b/libsass.changes
@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Fri Jul 12 07:10:58 UTC 2019 - Cédric Bosdonnat <cbosdonnat@suse.com>
+
+- Update version to 3.6.1:
+
+  * Fix use-after-free vulnerability in sass_context.cpp:handle_error 
+    bsc#1096894, CVE-2018-11499
+  * Disallow parent selector in selector_fns arguments
+    bsc#1118301, CVE-2018-19797
+  * Fix use-after-free vulnerability exists in the SharedPtr class 
+    bsc#1118346, CVE-2018-19827
+  * Fix stack-overflow in Eval::operator()
+    bsc#1118348, CVE-2018-19837
+  * Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion
+    bsc#1118349, CVE-2018-19838
+  * Fix buffer-overflow (OOB read) against some invalid input
+    bsc#1118351, CVE-2018-19839
+  * Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*)
+    bsc#1119789, CVE-2018-20190
+  * Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*)
+    bsc#1121943, CVE-2019-6283
+  * Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives
+    bsc#1121944, CVE-2019-6284
+  * Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes
+    bsc#1121945, CVE-2019-6286
+  * Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value
+    bsc#1133200, CVE-2018-20821
+  * Fix stack-overflow at Sass::Inspect::operator()
+    bsc#1133201, CVE-2018-20822
+
 -------------------------------------------------------------------
 Mon Apr 23 18:57:47 UTC 2018 - gutaper@gmail.com

--- a/libsass.spec
+++ b/libsass.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libsass
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,13 +12,13 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


-%define libname libsass-3_5_3-1
+%define libname libsass-3_6_1-1
 Name:           libsass
-Version:        3.5.3
+Version:        3.6.1
 Release:        0
 Summary:        Compiler library for A CSS preprocessor language
 License:        MIT