File _patchinfo of Package patchinfo.7438

<patchinfo incident="7438">
  <issue id="1050148" tracker="bnc">VUL-1: python3-libsass: Stack-overflow in the sassc of  libsass library.</issue>
  <issue id="1050149" tracker="bnc">VUL-1: python3-libsass: Illegal address access in eval.cpp of libsass</issue>
  <issue id="1050150" tracker="bnc">VUL-1: python3-libsass: Stack-overflow in the sassc  of  libsass library in Parser::advanceToNextToken()</issue>
  <issue id="1050151" tracker="bnc">VUL-1: CVE-2017-11605: python3-libsass: Heap based buffer over-read leading to DoS</issue>
  <issue id="1050380" tracker="bnc">VUL-1: libsass: Heap based buffer overflow</issue>
  <issue id="2017-11608" tracker="cve" />
  <issue id="2017-11555" tracker="cve" />
  <issue id="2017-11556" tracker="cve" />
  <issue id="2017-11605" tracker="cve" />
  <issue id="2017-11554" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>cbosdonnat</packager>
  <description>This update for libsass fixes the following DoS vulnerabilities:

- CVE-2017-11554: Stack consumption vulnerability allowed remote DoS via crafted input (1050148)
- CVE-2017-11555: Illegal address access in Eval::operator allowed remote DoS via crafted input (boo#1050149)
- CVE-2017-11556: Stack consumption vulnerability allowed remote DoS via crafted input (boo#1050150)
- CVE-2017-11605: Heap based buffer over-read allowed remote DoS via crafted input (boo#1050151)
- CVE-2017-11608: Heap-based buffer over-read allowed remote DoS via crafted input (boo#1050380)
</description>
  <summary>Security update for libsass</summary>
</patchinfo>