Information on source package libsass

Available versions

ReleaseVersion
stretch3.4.3-1
buster3.5.5-4
sid3.5.5-4

Open issues

BugstretchbustersidDescription
CVE-2019-6286vulnerable (no DSA)fixedfixedIn LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2019-6284vulnerable (no DSA)fixedfixedIn LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2019-6283vulnerable (no DSA)fixedfixedIn LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2018-20822vulnerable (no DSA)vulnerable (no DSA)vulnerableLibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...
CVE-2018-20821fixedvulnerable (no DSA)vulnerableThe parsing component in LibSass through 3.5.5 allows attackers to cau ...
CVE-2018-20190vulnerable (no DSA)fixedfixedIn LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eva ...
CVE-2018-19839vulnerable (no DSA)fixedfixedIn LibSass prior to 3.5.5, the function handle_error in sass_context.c ...
CVE-2018-19838vulnerable (no DSA)vulnerable (no DSA)vulnerableIn LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_ ...
CVE-2018-19837vulnerable (no DSA)fixedfixedIn LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Express ...
CVE-2018-19827vulnerable (no DSA)fixedfixedIn LibSass 3.5.5, a use-after-free vulnerability exists in the SharedP ...
CVE-2018-19797vulnerable (no DSA)vulnerablevulnerableIn LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...
CVE-2018-19219undeterminedundeterminedundeterminedIn LibSass 3.5-stable, there is an illegal address access at Sass::Eva ...
CVE-2018-19218undeterminedundeterminedundeterminedIn LibSass 3.5-stable, there is an illegal address access at Sass::Par ...
CVE-2018-11698vulnerable (no DSA)vulnerablevulnerableAn issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11697vulnerable (no DSA)vulnerablevulnerableAn issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11696vulnerable (no DSA)fixedfixedAn issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...
CVE-2018-11695vulnerable (no DSA)fixedfixedAn issue was discovered in LibSass through 3.5.2. A NULL pointer deref ...
CVE-2018-11694vulnerable (no DSA)vulnerable (no DSA)vulnerableAn issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...
CVE-2018-11693vulnerable (no DSA)fixedfixedAn issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2017-12964undeterminedundeterminedundeterminedThere is a stack consumption issue in LibSass 3.4.5 that is triggered ...
CVE-2017-12963undeterminedundeterminedundeterminedThere is an illegal address access in Sass::Eval::operator() in eval.c ...
CVE-2017-12962undeterminedundeterminedundeterminedThere are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...
CVE-2017-11608vulnerable (no DSA)fixedfixedThere is a heap-based buffer over-read in the Sass::Prelexer::re_lineb ...
CVE-2017-11605undeterminedundeterminedundeterminedThere is a heap based buffer over-read in LibSass 3.4.5, related to ad ...
CVE-2017-11556vulnerable (no DSA)fixedfixedThere is a stack consumption vulnerability in the Parser::advanceToNex ...
CVE-2017-11555vulnerable (no DSA)fixedfixedThere is an illegal address access in the Eval::operator function in e ...
CVE-2017-11554vulnerable (no DSA)fixedfixedThere is a stack consumption vulnerability in the lex function in pars ...
CVE-2017-11342undeterminedundeterminedundeterminedThere is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...
CVE-2017-11341undeterminedundeterminedundeterminedThere is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...
CVE-2017-10687undeterminedundeterminedundeterminedIn LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...

Resolved issues

BugDescription
CVE-2018-11499A use-after-free vulnerability exists in handle_error() in sass_contex ...

Search for package or bug name: Reporting problems