Debian Package Tracker

general

source: libsass (extra, misc)
version: 3.4.3-1
maintainer: Debian Sass team (archive) [DMD]
uploaders: Jonas Smedegaard [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 3.4.3-1~bpo8+1
stable: 3.4.3-1
testing: 3.4.3-1
unstable: 3.4.3-1

versioned links

3.4.3-1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsass-dev
libsass0
libsass0-dbg

action needed

A new upstream version is available: 3.4.5

high

A new upstream version 3.4.5 is available, you should consider packaging it.

Created: 2017-08-12 Last update: 2017-08-17 07:25

8 security issues in sid

high

There are 8 open security issues in sid.

8 important issues:

CVE-2017-10687: In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack.
CVE-2017-11605: There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
CVE-2017-11608: There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11554: There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
CVE-2017-11556: There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.
CVE-2017-11342: There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11341: There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11555: There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

Please fix them.

Created: 2017-06-30 Last update: 2017-08-11 01:20

8 security issues in buster

high

There are 8 open security issues in buster.

8 important issues:

CVE-2017-10687: In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack.
CVE-2017-11605: There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
CVE-2017-11608: There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11554: There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
CVE-2017-11556: There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.
CVE-2017-11342: There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11341: There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11555: There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

Please fix them.

Created: 2017-06-30 Last update: 2017-08-11 01:20

lintian reports 15 errors

high

Lintian reports 15 errors about this package. You should make the package lintian clean getting rid of them.

Created: 2017-07-24 Last update: 2017-07-24 07:16

Multiarch hinter reports 1 issue(s)

normal

There are issues with the multiarch metadata for this package.

libsass0-dbg could be marked Multi-Arch: same

Created: 2017-03-05 Last update: 2017-08-17 07:35

1 bug tagged patch in the BTS

normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2017-08-12 Last update: 2017-08-17 07:10

8 ignored security issues in stretch

low

There are 8 open security issues in stretch.

8 issues skipped by the security teams:

CVE-2017-10687: In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack.
CVE-2017-11605: There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
CVE-2017-11608: There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11554: There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
CVE-2017-11556: There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.
CVE-2017-11342: There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11341: There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-11555: There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

Please fix them.

Created: 2017-06-30 Last update: 2017-08-11 01:20

Build log checks report 1 warning

low

Build log checks report 1 warning

Created: 2016-09-09 Last update: 2016-09-09 13:09

news

[rss feed]

[2017-03-16] Accepted libsass 3.4.3-1~bpo8+1 (source amd64) into jessie-backports->backports-policy, jessie-backports (Rhonda D'Vine) (signed by: Rhonda)
[2017-02-03] libsass 3.4.3-1 MIGRATED to testing (Debian testing watch)
[2017-01-23] Accepted libsass 3.4.3-1 (source amd64) into unstable (Jonas Smedegaard)
[2016-12-22] libsass 3.4.0-1 MIGRATED to testing (Debian testing watch)
[2016-12-11] Accepted libsass 3.4.0-1 (source amd64) into unstable (Jonas Smedegaard)
[2016-09-15] libsass 3.3.6-2 MIGRATED to testing (Debian testing watch)
[2016-09-09] Accepted libsass 3.3.6-2 (source) into unstable (Jonas Smedegaard)
[2016-09-09] Accepted libsass 3.3.6-1 (source amd64) into unstable (Jonas Smedegaard)
[2016-03-28] libsass 3.3.4-1 MIGRATED to testing (Debian testing watch)
[2016-03-21] Accepted libsass 3.3.4-1 (source amd64) into unstable (Jonas Smedegaard)
[2016-03-13] libsass 3.3.3-1 MIGRATED to testing (Debian testing watch)
[2016-03-08] Accepted libsass 3.3.3-1 (source amd64) into unstable (Jonas Smedegaard)
[2016-02-11] libsass 3.3.2-1 MIGRATED to testing (Debian testing watch)
[2015-11-30] Accepted libsass 3.3.2-1 (source amd64) into unstable (Jonas Smedegaard)
[2015-11-30] Accepted libsass 3.2.5-2 (source amd64) into unstable (Jonas Smedegaard)
[2015-06-27] libsass 3.2.5-1 MIGRATED to testing (Britney)
[2015-06-20] Accepted libsass 3.2.5-1 (source amd64) into unstable (Jonas Smedegaard)
[2015-05-26] libsass 3.2.4-2 MIGRATED to testing (Britney)
[2015-05-20] Accepted libsass 3.2.4-1 (source amd64) into unstable, unstable (Jonas Smedegaard)
[2015-05-20] Accepted libsass 3.1.0-1 (source amd64) into unstable, unstable (Jonas Smedegaard)
[2015-05-20] Accepted libsass 3.2.4-2 (source amd64) into unstable, unstable (Jonas Smedegaard)

bugs [bug history graph]

all: 6
RC: 0
I&N: 6
M&W: 0
F&P: 0

links

homepage
lintian (15, 0)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.4.3-1