Add CVE-2019-1879{7,8,9}/libsass

author: Salvatore Bonaccorso <carnil@debian.org> 2019-11-06 21:17:33 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-11-06 21:17:33 +0100
commit: 28b62232a434dbcc88b2d6bd785b4b036fa32ff8 (patch)
tree: f71d9413841de41ce396fb0fabfc910cde19c7fa
parent: 3caadd439be074f61f2ce3718f976f7f981403d4 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index fa0ddeaabb..91d92cce32 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,11 +1,14 @@
 CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
 	TODO: check
 CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
-	TODO: check
+	- libsass <unfixed>
+	NOTE: https://github.com/sass/libsass/issues/3001
 CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...)
-	TODO: check
+	- libsass <unfixed>
+	NOTE: https://github.com/sass/libsass/issues/2999
 CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...)
-	TODO: check
+	- libsass <unfixed>
+	NOTE: https://github.com/sass/libsass/issues/3000
 CVE-2019-18796
 	RESERVED
 CVE-2019-18795
author	Salvatore Bonaccorso <carnil@debian.org>	2019-11-06 21:17:33 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-11-06 21:17:33 +0100
commit	28b62232a434dbcc88b2d6bd785b4b036fa32ff8 (patch)
tree	f71d9413841de41ce396fb0fabfc910cde19c7fa
parent	3caadd439be074f61f2ce3718f976f7f981403d4 (diff)