Information on source package libsass

Available versions

Release	Version
bullseye	3.6.4+20201122-1
bookworm	3.6.5+20220909-1
trixie	3.6.5+20231221-3
forky	3.6.5+20231221-3
sid	3.6.5+20231221-3

Open issues

Bug	bullseye	bookworm	trixie	forky	sid	Description
CVE-2022-43358	vulnerable (no DSA)	vulnerable (no DSA, ignored)	fixed	fixed	fixed	Stack overflow vulnerability in ast_selectors.cpp: in function Sass::C ...
CVE-2022-43357	vulnerable (no DSA)	vulnerable (no DSA, ignored)	fixed	fixed	fixed	Stack overflow vulnerability in ast_selectors.cpp in function Sass::Co ...
CVE-2022-26592	vulnerable (no DSA)	vulnerable (no DSA, ignored)	fixed	fixed	fixed	Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector ...

Open unimportant issues

Bug	bullseye	bookworm	trixie	forky	sid	Description
CVE-2019-18797	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...

Resolved issues

Bug	Description
CVE-2019-18799	LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...
CVE-2019-18798	LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...
CVE-2019-6286	In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2019-6284	In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2019-6283	In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...
CVE-2018-20822	LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...
CVE-2018-20821	The parsing component in LibSass through 3.5.5 allows attackers to cau ...
CVE-2018-20190	In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eva ...
CVE-2018-19839	In LibSass prior to 3.5.5, the function handle_error in sass_context.c ...
CVE-2018-19838	In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_ ...
CVE-2018-19837	In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Express ...
CVE-2018-19827	In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedP ...
CVE-2018-19797	In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...
CVE-2018-11698	An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11697	An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11696	An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...
CVE-2018-11695	An issue was discovered in LibSass <3.5.3. A NULL pointer dereference ...
CVE-2018-11694	An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...
CVE-2018-11693	An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...
CVE-2018-11499	A use-after-free vulnerability exists in handle_error() in sass_contex ...
CVE-2017-11608	There is a heap-based buffer over-read in the Sass::Prelexer::re_lineb ...
CVE-2017-11556	There is a stack consumption vulnerability in the Parser::advanceToNex ...
CVE-2017-11555	There is an illegal address access in the Eval::operator function in e ...
CVE-2017-11554	There is a stack consumption vulnerability in the lex function in pars ...