Bug#870186: [Pkg-sass-devel] Bug#870186: Bug#870186: libsass: CVE-2017-11608

2019-03-11 Thread Jonas Smedegaard
Quoting Salvatore Bonaccorso (2019-03-11 17:14:31)
> Control: fixed -1 3.4.6-1
>
> Hi,
>
> On Mon, Mar 11, 2019 at 01:49:36PM +0100, Jonas Smedegaard wrote:
> > Quoting Jonas Smedegaard (2019-03-11 13:43:41)
> > > POC on Debian stretch with libsass1 3.4.3-1 and sassc 3.4.2-1:
> > >
> > > Error:

Bug#870186: libsass: CVE-2017-11608

2019-03-11 Thread Salvatore Bonaccorso
Contol: tags -1 - unreproducible

Hi,

Actually running under valgrind shows the invalid read of size 1 under stretch. But the issue is fixed in the sid version already.

Regards,
Salvatore

valgrind.log.xz
Description: application/xz

Bug#870186: [Pkg-sass-devel] Bug#870186: libsass: CVE-2017-11608

2019-03-11 Thread Salvatore Bonaccorso
Control: fixed -1 3.4.6-1

Hi,

On Mon, Mar 11, 2019 at 01:49:36PM +0100, Jonas Smedegaard wrote:
> Quoting Jonas Smedegaard (2019-03-11 13:43:41)
> > POC on Debian stretch with libsass1 3.4.3-1 and sassc 3.4.2-1:
> >
> > Error: Invalid UTF-8 sequence
> > on line 1 of

Bug#870186: [Pkg-sass-devel] Bug#870186: libsass: CVE-2017-11608

2019-03-11 Thread Jonas Smedegaard
Quoting Jonas Smedegaard (2019-03-11 13:43:41)
> POC on Debian stretch with libsass1 3.4.3-1 and sassc 3.4.2-1:
>
> Error: Invalid UTF-8 sequence
> on line 1 of /attachment.cgi?id=1303540
> >> "�d\
>-^

Correction: Above was with libsass1 3.5.5-2 and sassc 3.5.0-1.

- Jonas

-- *

Bug#870186: libsass: CVE-2017-11608

2017-07-30 Thread Salvatore Bonaccorso
Source: libsass
Version: 3.4.3-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libsass.

CVE-2017-11608[0]:
| There is a heap-based buffer over-read in the
| Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A
| crafted input