Candidate: CVE-2019-6284
PublicDate: 2019-01-14 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
 https://github.com/sass/libsass/issues/2816
Description:
 In LibSass 3.5.5, a heap-based buffer over-read exists in
 Sass::Prelexer::alternatives in prelexer.hpp.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_libsass:
 upstream: https://github.com/sass/libsass/commit/0f3d3f8df99af422af055c41d778ca9c5c60a0bb
upstream_libsass: needs-triage
precise/esm_libsass: DNE
trusty_libsass: DNE
trusty/esm_libsass: DNE
xenial_libsass: ignored (end of standard support, was needed)
bionic_libsass: needed
cosmic_libsass: ignored (reached end-of-life)
disco_libsass: ignored (reached end-of-life)
eoan_libsass: not-affected (3.5.5-4)
focal_libsass: not-affected (3.5.5-4)
groovy_libsass: not-affected (3.5.5-4)
hirsute_libsass: not-affected (3.5.5-4)
impish_libsass: not-affected (3.5.5-4)
jammy_libsass: not-affected (3.5.5-4)
devel_libsass: not-affected (3.5.5-4)