openSUSE-SU-2019:1791-1

Import Source

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:1791-1

Related

Published

2019-07-23T11:22:02Z

Modified

2019-07-23T11:22:02Z

Summary

Security update for libsass

Details

This update for libsass to version 3.6.1 fixes the following issues:

Security issues fixed:

CVE-2019-6283: Fixed heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).
CVE-2019-6284: Fixed heap-based buffer over-read exists in Sass:Prelexer:alternatives (boo#1121944).
CVE-2019-6286: Fixed heap-based buffer over-read exists in Sass:Prelexer:skipoverscopes (boo#1121945).
CVE-2018-11499: Fixed use-after-free vulnerability in sasscontext.cpp:handleerror (boo#1096894).
CVE-2018-19797: Disallowed parent selector in selector_fns arguments (boo#1118301).
CVE-2018-19827: Fixed use-after-free vulnerability exists in the SharedPtr class (boo#1118346).
CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).
CVE-2018-19838: Fixed stack-overflow at IMPLEMENTASTOPERATORS expansion (boo#1118349).
CVE-2018-19839: Fixed buffer-overflow (OOB read) against some invalid input (boo#1118351).
CVE-2018-20190: Fixed Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) (boo#1119789).
CVE-2018-20821: Fixed uncontrolled recursion in Sass:Parser:parsecssvariable_value (boo#1133200).
CVE-2018-20822: Fixed stack-overflow at Sass::Inspect::operator() (boo#1133201).

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-lp151.3.3.1

{
    "binaries": [
        {
            "libsass-devel": "3.6.1-lp151.3.3.1",
            "libsass-3_6_1-1": "3.6.1-lp151.3.3.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-lp151.3.3.1

{
    "binaries": [
        {
            "libsass-devel": "3.6.1-lp151.3.3.1",
            "libsass-3_6_1-1": "3.6.1-lp151.3.3.1"
        }
    ]
}