Information on source package libsass

Available versions

Release	Version
bullseye	3.6.4+20201122-1
bookworm	3.6.5+20220909-1
trixie	3.6.5+20231221-3
sid	3.6.5+20231221-3

Open issues

Bug	bullseye	bookworm	trixie	sid	Description
CVE-2022-43358	vulnerable (no DSA)	vulnerable (no DSA, ignored)	fixed	fixed	Stack overflow vulnerability in ast_selectors.cpp: in function Sass::C ...
CVE-2022-43357	vulnerable (no DSA)	vulnerable (no DSA, ignored)	fixed	fixed	Stack overflow vulnerability in ast_selectors.cpp in function Sass::Co ...
CVE-2022-26592	vulnerable (no DSA)	vulnerable (no DSA, ignored)	fixed	fixed	Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector ...

Open unimportant issues

Bug	bullseye	bookworm	trixie	sid	Description
CVE-2019-18797	vulnerable	vulnerable	vulnerable	vulnerable	LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...

Resolved issues

Bug	Description
CVE-2019-18799	LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...
CVE-2019-18798	LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...
CVE-2019-6286	In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2019-6284	In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2019-6283	In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2018-20822	LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...
CVE-2018-20821	The parsing component in LibSass through 3.5.5 allows attackers to cau ...
CVE-2018-20190	In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eva ...
CVE-2018-19839	In LibSass prior to 3.5.5, the function handle_error in sass_context.c ...
CVE-2018-19838	In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_ ...
CVE-2018-19837	In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Express ...
CVE-2018-19827	In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedP ...
CVE-2018-19797	In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...
CVE-2018-11698	An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11697	An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11696	An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...
CVE-2018-11695	An issue was discovered in LibSass <3.5.3. A NULL pointer dereference ...
CVE-2018-11694	An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...
CVE-2018-11693	An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11499	A use-after-free vulnerability exists in handle_error() in sass_contex ...
CVE-2017-11608	There is a heap-based buffer over-read in the Sass::Prelexer::re_lineb ...
CVE-2017-11556	There is a stack consumption vulnerability in the Parser::advanceToNex ...
CVE-2017-11555	There is an illegal address access in the Eval::operator function in e ...
CVE-2017-11554	There is a stack consumption vulnerability in the lex function in pars ...