There are 3 open security issues in bookworm.
3 issues left for the package maintainer to handle:
- CVE-2022-26592:
(needs triaging)
Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.
- CVE-2022-43357:
(needs triaging)
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
- CVE-2022-43358:
(needs triaging)
Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).
You can find information about how to handle these issues in the security team's documentation.