control: forwarded -1 https://github.com/sass/libsass/issues/2643 control: tags -1 patch
Quoting Salvatore Bonaccorso (2018-05-27 10:50:20) > The following vulnerability was published for libsass. > > CVE-2018-11499[0]: > | A use-after-free vulnerability exists in handle_error() in > | sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be > | leveraged to cause a denial of service (application crash) or possibly > | unspecified other impact. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2018-11499 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499 > [1] https://github.com/sass/libsass/issues/2643 This seems to be upstream fix: https://github.com/sass/libsass/pull/2755/files/e81b722 - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature