[Git][security-tracker-team/security-tracker][master] 4 commits: Reference upstream commit for CVE-2018-11696 which was merged
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 10 14:26:09 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0548e38 by Salvatore Bonaccorso at 2019-02-10T14:18:08Z
Reference upstream commit for CVE-2018-11696 which was merged
- - - - -
75b2d8df by Salvatore Bonaccorso at 2019-02-10T14:18:37Z
Fix for CVE-2018-11696 was only included in 3.5.5-1
- - - - -
ed0962bb by Salvatore Bonaccorso at 2019-02-10T14:19:15Z
Update commit for CVE-2018-11697
The original approach via
https://github.com/xzyfer/libsass/commit/024bb12511ce43fae8bb3737558f5cfe37a38a59
was withdrawn an later
https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef
commited.
- - - - -
49b06ac7 by Salvatore Bonaccorso at 2019-02-10T14:19:50Z
Update status for CVE-2018-11697
https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef
is not yet included in src:libsass .
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40115,15 +40115,15 @@ CVE-2018-11698 (An issue was discovered in LibSass through 3.5.4. An out-of-boun
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2662
CVE-2018-11697 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds read ...)
- - libsass 3.5.4+20180621~c0a6cf3-1
+ - libsass <unfixed>
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2656
- NOTE: https://github.com/xzyfer/libsass/commit/024bb12511ce43fae8bb3737558f5cfe37a38a59
+ NOTE: https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef
CVE-2018-11696 (An issue was discovered in LibSass through 3.5.4. A NULL pointer ...)
- - libsass 3.5.4+20180621~c0a6cf3-1
+ - libsass 3.5.5-1
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2665
- NOTE: https://github.com/xzyfer/libsass/commit/0768c4a20fa3075d3b879c334f3fade13a763b08
+ NOTE: https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4
CVE-2018-11695 (An issue was discovered in LibSass through 3.5.2. A NULL pointer ...)
- libsass <unfixed>
[stretch] - libsass <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4a961fce792554c6c01fc030777fcb633b46481e...49b06ac7994143fd3a9bafc43fedbdbe4be107e7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4a961fce792554c6c01fc030777fcb633b46481e...49b06ac7994143fd3a9bafc43fedbdbe4be107e7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190210/e57d34ba/attachment.html>
More information about the debian-security-tracker-commits
mailing list