Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability roundup 57: libsass-3.5.5: 1 advisory #52973

Closed
1 task
ckauhaus opened this issue Dec 27, 2018 · 4 comments
Closed
1 task

Vulnerability roundup 57: libsass-3.5.5: 1 advisory #52973

ckauhaus opened this issue Dec 27, 2018 · 4 comments
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one

Comments

@ckauhaus
Copy link
Contributor

search, files

Scanned versions: nixos-unstable: 44b02b5. May contain false positives.
@vcunat vcunat added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Dec 27, 2018
@rasendubi
Copy link
Member

  1. There is no new libsass release past 3.5.5.
  2. The only available patch is Disallow parent selector in selector_fns arguments (Fixes #2779) sass/libsass#2780 and it does not apply to 3.5.5
  3. I have asked upstream for a backport.

@rasendubi
Copy link
Member

sass/libsass#2780 (comment)

There are no plans for a new 3.5 release at this time.

@ckauhaus ckauhaus mentioned this issue Jan 7, 2019
Closed
3 tasks
@ckauhaus ckauhaus mentioned this issue Jan 28, 2019
Closed
3 tasks
@ckauhaus ckauhaus mentioned this issue Mar 9, 2019
Closed
3 tasks
@ckauhaus ckauhaus mentioned this issue Mar 25, 2019
Closed
1 task
This was referenced May 3, 2019
Closed
Closed
@dsg22
Copy link
Contributor

dsg22 commented Nov 13, 2019

nixos-19.09 has libsass-3.6.1 which is not listed as vulnerable in the CVE. Can we close this ticket now?

@ckauhaus
Copy link
Contributor Author

yes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dsg22 @rasendubi @ckauhaus @vcunat