Security update for libsass
This update for libsass fixes the following DoS vulnerabilities:
- CVE-2017-11554: Stack consumption vulnerability allowed remote DoS via crafted input (1050148)
- CVE-2017-11555: Illegal address access in Eval::operator allowed remote DoS via crafted input (boo#1050149)
- CVE-2017-11556: Stack consumption vulnerability allowed remote DoS via crafted input (boo#1050150)
- CVE-2017-11605: Heap based buffer over-read allowed remote DoS via crafted input (boo#1050151)
- CVE-2017-11608: Heap-based buffer over-read allowed remote DoS via crafted input (boo#1050380)
-
Submitted by
Cédric Bosdonnat (cbosdonnat)
Fixed bugs
bnc#1050148
VUL-1: python3-libsass: Stack-overflow in the sassc of libsass library.
bnc#1050149
VUL-1: python3-libsass: Illegal address access in eval.cpp of libsass
bnc#1050150
VUL-1: python3-libsass: Stack-overflow in the sassc of libsass library in Parser::advanceToNextToken()
bnc#1050151
VUL-1: CVE-2017-11605: python3-libsass: Heap based buffer over-read leading to DoS
bnc#1050380
VUL-1: libsass: Heap based buffer overflow
