pool/libsass
SHA256
11
0
Fork 2
Code Issues Pull Requests Activity

Accepting request 714780 from home:cbosdonnat:branches:devel:libraries:c_c++

Browse Source 
- Update version to 3.6.1:
  * Fix use-after-free vulnerability in sass_context.cpp:handle_error 
    bsc#1096894, CVE-2018-11499
  * Disallow parent selector in selector_fns arguments
    bsc#1118301, CVE-2018-19797
  * Fix use-after-free vulnerability exists in the SharedPtr class 
    bsc#1118346, CVE-2018-19827
  * Fix stack-overflow in Eval::operator()
    bsc#1118348, CVE-2018-19837
  * Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion
    bsc#1118349, CVE-2018-19838
  * Fix buffer-overflow (OOB read) against some invalid input
    bsc#1118351, CVE-2018-19839
  * Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*)
    bsc#1119789, CVE-2018-20190
  * Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*)
    bsc#1121943, CVE-2019-6283
  * Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives
    bsc#1121944, CVE-2019-6284
  * Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes
    bsc#1121945, CVE-2019-6286
  * Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value
    bsc#1133200, CVE-2018-20821
  * Fix stack-overflow at Sass::Inspect::operator()
    bsc#1133201, CVE-2018-20822

OBS-URL: https://build.opensuse.org/request/show/714780
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libsass?expand=0&rev=22
This commit is contained in:
Cédric Bosdonnat
2019-07-12 07:43:57 +00:00
committed by Git OBS Bridge
parent 7aa7bd917f
commit 599fa9d451
4 changed files with 37 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
libsass.changes
View File

@@ -1,3 +1,33 @@
-------------------------------------------------------------------
Fri Jul 12 07:10:58 UTC 2019 - Cédric Bosdonnat <cbosdonnat@suse.com>
- Update version to 3.6.1:
* Fix use-after-free vulnerability in sass_context.cpp:handle_error
bsc#1096894, CVE-2018-11499
* Disallow parent selector in selector_fns arguments
bsc#1118301, CVE-2018-19797
* Fix use-after-free vulnerability exists in the SharedPtr class
bsc#1118346, CVE-2018-19827
* Fix stack-overflow in Eval::operator()
bsc#1118348, CVE-2018-19837
* Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion
bsc#1118349, CVE-2018-19838
* Fix buffer-overflow (OOB read) against some invalid input
bsc#1118351, CVE-2018-19839
* Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*)
bsc#1119789, CVE-2018-20190
* Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*)
bsc#1121943, CVE-2019-6283
* Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives
bsc#1121944, CVE-2019-6284
* Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes
bsc#1121945, CVE-2019-6286
* Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value
bsc#1133200, CVE-2018-20821
* Fix stack-overflow at Sass::Inspect::operator()
bsc#1133201, CVE-2018-20822
-------------------------------------------------------------------
Mon Apr 23 18:57:47 UTC 2018 - gutaper@gmail.com