Debian Package Tracker
Register | Log in
Subscribe

libsass

Choose email to subscribe with

general
  • source: libsass (main)
  • version: 3.6.4+20201122-1
  • maintainer: Debian Sass team (archive) (DMD)
  • uploaders: Jonas Smedegaard [DMD] – Anthony Fok [DMD]
  • arch: any
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 3.4.3-1
  • stable: 3.5.5-4
  • stable-bpo: 3.6.4-3~bpo10+1
  • testing: 3.6.4+20201122-1
  • unstable: 3.6.4+20201122-1
versioned links
  • 3.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.5-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.6.4-3~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.6.4+20201122-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libsass-dev
  • libsass1
action needed
A new upstream version is available: 3.6.4+20210304 high
A new upstream version 3.6.4+20210304 is available, you should consider packaging it.
Created: 2021-03-06 Last update: 2021-04-23 14:35
The VCS repository is not up to date, push the missing commits. high
vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.
Created: 2021-01-09 Last update: 2021-04-23 13:08
lintian reports 4 warnings normal
Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-04-23 Last update: 2021-04-23 01:05
9 low-priority security issues in buster low

There are 9 open security issues in buster.

9 issues left for the package maintainer to handle:
  • CVE-2018-11694: (needs triaging) An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
  • CVE-2018-11697: (needs triaging) An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
  • CVE-2018-11698: (needs triaging) An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
  • CVE-2018-19797: (needs triaging) In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
  • CVE-2018-19838: (needs triaging) In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
  • CVE-2018-20821: (needs triaging) The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
  • CVE-2018-20822: (needs triaging) LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
  • CVE-2019-18798: (needs triaging) LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
  • CVE-2019-18799: (needs triaging) LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-03-21 19:04
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2016-09-09 Last update: 2016-09-09 13:09
news
[rss feed]
  • [2021-01-12] libsass 3.6.4+20201122-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-09] Accepted libsass 3.6.4+20201122-1 (source) into unstable (Jonas Smedegaard)
  • [2021-01-08] Accepted libsass 3.6.4+20201122-1~exp (source) into experimental (Jonas Smedegaard)
  • [2021-01-08] Accepted libsass 3.6.4-4 (source) into unstable (Jonas Smedegaard)
  • [2021-01-07] Accepted libsass 3.6.4-4~exp1 (source) into experimental (Jonas Smedegaard)
  • [2020-12-08] Accepted libsass 3.6.4-3~bpo10+1 (source amd64) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Anthony Fok)
  • [2020-06-11] libsass 3.6.4-3 MIGRATED to testing (Debian testing watch)
  • [2020-06-09] Accepted libsass 3.6.4-4~exp (source) into experimental (Jonas Smedegaard)
  • [2020-06-09] Accepted libsass 3.6.4-3 (source) into unstable (Jonas Smedegaard)
  • [2020-06-08] Accepted libsass 3.6.4-2 (source) into unstable (Jonas Smedegaard)
  • [2020-05-11] libsass 3.6.4-1 MIGRATED to testing (Debian testing watch)
  • [2020-05-09] Accepted libsass 3.6.4-1 (source) into unstable (Anthony Fok)
  • [2020-03-12] libsass 3.6.3-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-28] Accepted libsass 3.6.3-1 (source) into unstable (Anthony Fok)
  • [2019-07-05] Accepted libsass 3.6.1-1 (source) into experimental (Jonas Smedegaard)
  • [2019-06-02] libsass 3.5.5-4 MIGRATED to testing (Debian testing watch)
  • [2019-05-22] Accepted libsass 3.5.5-4 (source) into unstable (Jonas Smedegaard)
  • [2019-05-21] Accepted libsass 3.5.5-3 (source) into unstable (Jonas Smedegaard)
  • [2018-12-27] libsass 3.5.5-2 MIGRATED to testing (Debian testing watch)
  • [2018-12-25] Accepted libsass 3.5.5-2 (source) into unstable (Jonas Smedegaard)
  • [2018-11-24] libsass 3.5.5-1 MIGRATED to testing (Debian testing watch)
  • [2018-11-21] Accepted libsass 3.5.5-1 (source amd64) into unstable (Anthony Fok)
  • [2018-07-25] libsass 3.5.4+20180621~c0a6cf3-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-23] Accepted libsass 3.5.4+20180621~c0a6cf3-1 (source) into unstable (Jonas Smedegaard)
  • [2018-07-04] libsass 3.5.4-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-02] Accepted libsass 3.5.4-1 (source amd64) into unstable, unstable (Anthony Fok)
  • [2018-01-17] libsass 3.4.8-1 MIGRATED to testing (Debian testing watch)
  • [2018-01-12] Accepted libsass 3.4.8-1 (source) into unstable (Jonas Smedegaard)
  • [2017-11-03] libsass 3.4.6-1 MIGRATED to testing (Debian testing watch)
  • [2017-10-28] Accepted libsass 3.4.6-1 (source) into unstable (Jonas Smedegaard)
  • 1
  • 2
bugs [bug history graph]
  • all: 5 6
  • RC: 0
  • I&N: 5 6
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 4)
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.6.4-3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing