Vulnerability roundup 67: libsass-3.5.5: 4 advisories #60842
Labels
1.severity: security
Issues which raise a security issue, or PRs that fix one
Comments
hedning
added
the
1.severity: security
10 tasks
|
nixos-19.09 has libsass-3.6.1 which is not listed as vulnerable in the CVE. nixos-19.03 still has libsass-3.5.5, but I'm not sure what the support policy is here. Do we keep issues open if they only affect the last release? This would be helpful to know as I'm currently going through the CVE roundup list to try to update the case status, and a lot of them have been fixed in unstable and 19.09. Upstream has indicated that no further releases for 3.5 series will be made, so we can consider it EOL. If we need to support 19.03 still, libsass would have to be updated to 3.6.x. |
|
I don't think we should upgrade libsass to 3.6. on 19.03. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
search, files
Scanned versions: nixos-unstable: dfd8f84; nixos-19.03: cf3e277. May contain false positives.
The text was updated successfully, but these errors were encountered: