[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-11693: Reference the commits as merged into upstream repository

Salvatore Bonaccorso carnil at debian.org
Thu Jun 20 15:20:42 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbb325b0 by Salvatore Bonaccorso at 2019-06-20T14:19:12Z
CVE-2018-11693: Reference the commits as merged into upstream repository

- - - - -
4576207d by Salvatore Bonaccorso at 2019-06-20T14:19:43Z
Update fixed version for CVE-2018-11693

libsass as uploaded 3.5.4+20180621~c0a6cf3-1 was a snapshot taken from
stable git branch including the fix for CVE-2018-11693.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55042,10 +55042,11 @@ CVE-2018-11694 (An issue was discovered in LibSass through 3.5.4. A NULL pointer
 	NOTE: https://github.com/glebm/libsass/commit/e5964a7df9bdb36f2944e7289812f1057aad2c5d
 	NOTE: https://github.com/sass/libsass/commit/c93f0581c6b7794d8c1d5637c5c4dabd591b1d57
 CVE-2018-11693 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
-	- libsass 3.5.5-1 (low)
+	- libsass 3.5.4+20180621~c0a6cf3-1 (low)
 	[stretch] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/2661
-	NOTE: https://github.com/xzyfer/libsass/commit/af0e12cdf09d43dbd1fc11e3f64b244277cc1a1e
+	NOTE: https://github.com/sass/libsass/commit/c0a6cf39dea9b2522a08d61b731bc72dfb362584 (3.5.5)
+	NOTE: https://github.com/sass/libsass/commit/b3374e3fd1a0c3658644d2bad24e4a0ff2e0dcea (master)
 CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3 ...)
 	NOT-FOR-US: Canon devices
 CVE-2018-11691 (Emerson VE6046 09.0.12 devices have hardcoded admin credentials allowi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ad9c3136eb5784f7ed724fd7683a6ead1f5938f8...4576207db86df8aa3b14a6f5f472e7f851b2ee60

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ad9c3136eb5784f7ed724fd7683a6ead1f5938f8...4576207db86df8aa3b14a6f5f472e7f851b2ee60
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190620/fa86d219/attachment.html>

More information about the debian-security-tracker-commits mailing list