Request 714784: Submit libsass - openSUSE Build Service

Overview

Request 714784 accepted

- Update version to 3.6.1:
* Fix use-after-free vulnerability in sass_context.cpp:handle_error
bsc#1096894, CVE-2018-11499
* Disallow parent selector in selector_fns arguments
bsc#1118301, CVE-2018-19797
* Fix use-after-free vulnerability exists in the SharedPtr class
bsc#1118346, CVE-2018-19827
* Fix stack-overflow in Eval::operator()
bsc#1118348, CVE-2018-19837
* Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion
bsc#1118349, CVE-2018-19838
* Fix buffer-overflow (OOB read) against some invalid input
bsc#1118351, CVE-2018-19839
* Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*)
bsc#1119789, CVE-2018-20190
* Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*)
bsc#1121943, CVE-2019-6283
* Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives
bsc#1121944, CVE-2019-6284
* Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes
bsc#1121945, CVE-2019-6286
* Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value
bsc#1133200, CVE-2018-20821
* Fix stack-overflow at Sass::Inspect::operator()
bsc#1133201, CVE-2018-20822

Created by cbosdonnat almost 5 years ago
In state accepted

Submit libsass

Comments for request 714784 1

Origin Manager (origin-manager) - almost 5 years ago

reviewer

Previous comment no longer relevant.

Login required, please login in order to comment

Request History

cbosdonnat created request almost 5 years ago

- Update version to 3.6.1:
* Fix use-after-free vulnerability in sass_context.cpp:handle_error
bsc#1096894, CVE-2018-11499
* Disallow parent selector in selector_fns arguments
bsc#1118301, CVE-2018-19797
* Fix use-after-free vulnerability exists in the SharedPtr class
bsc#1118346, CVE-2018-19827
* Fix stack-overflow in Eval::operator()
bsc#1118348, CVE-2018-19837
* Fix stack-overflow at IMPLEMENT_AST_OPERATORS expansion
bsc#1118349, CVE-2018-19838
* Fix buffer-overflow (OOB read) against some invalid input
bsc#1118351, CVE-2018-19839
* Fix Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*)
bsc#1119789, CVE-2018-20190
* Fix heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*)
bsc#1121943, CVE-2019-6283
* Fix heap-based buffer over-read exists in Sass:Prelexer:alternatives
bsc#1121944, CVE-2019-6284
* Fix heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes
bsc#1121945, CVE-2019-6286
* Fix uncontrolled recursion in Sass:Parser:parse_css_variable_value
bsc#1133200, CVE-2018-20821
* Fix stack-overflow at Sass::Inspect::operator()
bsc#1133201, CVE-2018-20822

origin-manager added leap-reviewers as a reviewer almost 5 years ago

Changing to a lower priority origin.

origin: openSUSE:Factory
origin_old: openSUSE:Leap:15.1:Update

factory-auto accepted review almost 5 years ago

Check script succeeded

origin-manager accepted review almost 5 years ago

origin: openSUSE:Factory
origin_old: openSUSE:Leap:15.1:Update

staging-bot added as a reviewer almost 5 years ago

Being evaluated by staging project "openSUSE:Leap:15.2:Staging:adi:3"

staging-bot accepted review almost 5 years ago

Picked openSUSE:Leap:15.2:Staging:adi:3

mlin7442 accepted review almost 5 years ago

ok

staging-bot accepted review almost 5 years ago

ready to accept

staging-bot approved review almost 5 years ago

ready to accept

maxlin_factory accepted request almost 5 years ago

Accept to openSUSE:Leap:15.2

openSUSE Build Service is sponsored by