[Pkg-sass-devel] Bug#870186: Bug#870186: libsass: CVE-2017-11608

Jonas Smedegaard jonas at jones.dk
Mon Mar 11 12:49:36 GMT 2019


Quoting Jonas Smedegaard (2019-03-11 13:43:41)
> POC on Debian stretch with libsass1 3.4.3-1 and sassc 3.4.2-1:
> 
> Error: Invalid UTF-8 sequence
>         on line 1 of /attachment.cgi?id=1303540
> >> "�d\
>    -^

Correction: Aboce was with libsass1 3.5.5-2 and sassc 3.5.0-1.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-sass-devel/attachments/20190311/5753d3f1/attachment.sig>


More information about the pkg-sass-devel mailing list