Quoting Salvatore Bonaccorso (2019-03-11 17:14:31) > Control: fixed -1 3.4.6-1 > > Hi, > > On Mon, Mar 11, 2019 at 01:49:36PM +0100, Jonas Smedegaard wrote: > > Quoting Jonas Smedegaard (2019-03-11 13:43:41) > > > POC on Debian stretch with libsass1 3.4.3-1 and sassc 3.4.2-1: > > > > > > Error: Invalid UTF-8 sequence > > > on line 1 of /attachment.cgi?id=1303540 > > > >> "�d\ > > > -^ > > > > Correction: Aboce was with libsass1 3.5.5-2 and sassc 3.5.0-1. > > Did you build with ASAN to verify? > > The issue should be fixed with > https://github.com/sass/libsass/commit/648f763ede97f9a2c2c843a0a18ac18bbde3507b > which was in 3.4.6 (so indeed the issue does not affect anymore > sid/buster which included the above commit with the 3.4.6-1 upload).
No, I simply tested with official packaged code. I have stopped working on the other security bugs against libsass, because I realize I lack the needed skills. :-( - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature