Register | Log in

libsass

Choose email to subscribe with

general

source: libsass (main)
version: 3.6.5+20211226-1
maintainer: Debian Sass team (archive) (DMD)
uploaders: Jonas Smedegaard [DMD] – Anthony Fok [DMD]
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.4.3-1
oldstable: 3.5.5-4
old-bpo: 3.6.4-3~bpo10+1
stable: 3.6.4+20201122-1
testing: 3.6.5+20211226-1
unstable: 3.6.5+20211226-1

versioned links

3.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.5-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.4-3~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.4+20201122-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.5+20211226-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsass-dev
libsass1

action needed

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2021-10-13 21:33

9 low-priority security issues in buster low

There are 9 open security issues in buster.

9 issues left for the package maintainer to handle:

CVE-2018-11694: (needs triaging) An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-11697: (needs triaging) An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
CVE-2018-11698: (needs triaging) An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
CVE-2018-19797: (needs triaging) In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
CVE-2018-19838: (needs triaging) In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
CVE-2018-20821: (needs triaging) The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
CVE-2018-20822: (needs triaging) LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
CVE-2019-18798: (needs triaging) LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
CVE-2019-18799: (needs triaging) LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-01-05 06:35

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2021-11-18 Last update: 2021-11-18 05:06

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:25

news

[2022-01-05] libsass 3.6.5+20211226-1 MIGRATED to testing (Debian testing watch)
[2022-01-02] Accepted libsass 3.6.5+20211226-1 (source) into unstable (Jonas Smedegaard)
[2021-11-20] libsass 3.6.5+20211111-2 MIGRATED to testing (Debian testing watch)
[2021-11-20] libsass 3.6.5+20211111-2 MIGRATED to testing (Debian testing watch)
[2021-11-17] Accepted libsass 3.6.5+20211111-2 (source) into unstable (Jonas Smedegaard)
[2021-11-17] Accepted libsass 3.6.5+20211111-1 (source) into experimental (Jonas Smedegaard)
[2021-09-11] libsass 3.6.5+20210718-1 MIGRATED to testing (Debian testing watch)
[2021-09-08] Accepted libsass 3.6.5+20210718-1 (source) into unstable (Jonas Smedegaard)
[2021-08-16] libsass 3.6.4+20210501-1 MIGRATED to testing (Debian testing watch)
[2021-06-02] Accepted libsass 3.6.5-1 (source) into experimental (Jonas Smedegaard)
[2021-05-06] Accepted libsass 3.6.4+20210501-1 (source) into unstable (Jonas Smedegaard)
[2021-01-12] libsass 3.6.4+20201122-1 MIGRATED to testing (Debian testing watch)
[2021-01-09] Accepted libsass 3.6.4+20201122-1 (source) into unstable (Jonas Smedegaard)
[2021-01-08] Accepted libsass 3.6.4+20201122-1~exp (source) into experimental (Jonas Smedegaard)
[2021-01-08] Accepted libsass 3.6.4-4 (source) into unstable (Jonas Smedegaard)
[2021-01-07] Accepted libsass 3.6.4-4~exp1 (source) into experimental (Jonas Smedegaard)
[2020-12-08] Accepted libsass 3.6.4-3~bpo10+1 (source amd64) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Anthony Fok)
[2020-06-11] libsass 3.6.4-3 MIGRATED to testing (Debian testing watch)
[2020-06-09] Accepted libsass 3.6.4-4~exp (source) into experimental (Jonas Smedegaard)
[2020-06-09] Accepted libsass 3.6.4-3 (source) into unstable (Jonas Smedegaard)
[2020-06-08] Accepted libsass 3.6.4-2 (source) into unstable (Jonas Smedegaard)
[2020-05-11] libsass 3.6.4-1 MIGRATED to testing (Debian testing watch)
[2020-05-09] Accepted libsass 3.6.4-1 (source) into unstable (Anthony Fok)
[2020-03-12] libsass 3.6.3-1 MIGRATED to testing (Debian testing watch)
[2020-02-28] Accepted libsass 3.6.3-1 (source) into unstable (Anthony Fok)
[2019-07-05] Accepted libsass 3.6.1-1 (source) into experimental (Jonas Smedegaard)
[2019-06-02] libsass 3.5.5-4 MIGRATED to testing (Debian testing watch)
[2019-05-22] Accepted libsass 3.5.5-4 (source) into unstable (Jonas Smedegaard)
[2019-05-21] Accepted libsass 3.5.5-3 (source) into unstable (Jonas Smedegaard)
[2018-12-27] libsass 3.5.5-2 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 5 6
RC: 0
I&N: 5 6
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.6.5-1ubuntu1
2 bugs
patches for 3.6.5-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing