Bug 742491 (CVE-2019-18798) - dev-libs/libsass: heap-based buffer over-read before 3.6.3
Summary: dev-libs/libsass: heap-based buffer over-read before 3.6.3
Status: IN_PROGRESS
Alias: CVE-2019-18798
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: ?? [ebuild]
Reported: 2020-09-14 12:34 UTC by Hanno Böck
Modified: 2020-09-15 05:33 UTC
Description Hanno Böck gentoo-dev 2020-09-14 12:34:43 UTC
libsass 3.6.3 was an upstream security release.
We currently have 3.6.4 in the tree, but it is masked. However, the bug referenced in the mask is closed (#705682); not sure what the status there is exactly...
Comment 1 Andrew Ammerlaan 2020-09-14 12:56:51 UTC
The bug that masked 3.6.3 is also present in 3.6.4; I tested this when I bumped from 3.6.3 to 3.6.4. See also: https://github.com/gentoo/gentoo/pull/15596

Hopefully it will be fixed in 3.6.5.
Comment 2 Sam James archtester gentoo-dev Security 2020-09-15 05:33:23 UTC
Thanks Hanno and Andrew.

I assume these are the relevant commits:
* https://github.com/sass/libsass/commit/8bd60936b51c9944ae8dedf4ea840abb1cc3994c (Fix some null pointer access crashes)
* https://github.com/sass/libsass/commit/ad289a93194f2f02c89256cfb07704c729cf9809 (Fix an interesting memory handling edge case)
* https://github.com/sass/libsass/commit/1b9d52d98c990cebb2fa74fc02a483fa370e4e14 (Fix memory leak in Sass::Eval::operator()(Sass::String_Schema*))
* https://github.com/sass/libsass/commit/16f76e2cd6cebf0a31f579a40e635c309109e4db (Fix memory leak in Parser::parse_media_query)
* https://github.com/sass/libsass/commit/bf6ccae23b663902847576bf2a98838ef5510168 (Fix stack-overflow in Binary_Expression)
* https://github.com/sass/libsass/commit/7a21c79e321927363a153dc5d7e9c492365faf9b (Fix heap-buffer-overflow in re_linebreak)
* https://github.com/sass/libsass/commit/cbf4cb89e66124d69f906862f3bd2a379c00b157 (Fix out of boundary vector access)
* https://github.com/sass/libsass/commit/a5226f462a24a63280a7e0eb38ec8b5e4c6b3a50 (Fix nullptr access on media query without type)
* https://github.com/sass/libsass/commit/4c83fdb0fe90432cc9b778d816ffd6859e34ef2d (Fix out of boundary vector access)