[FFe] Please sync libsass 3.6.3-1 from Debian
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libsass (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Please update libsass from 3.5.5-4 (universe, focal) to 3.6.3-1 by syncing from Debian sid.
Besides new features and expanded APIs in the libsass 3.6 series, 3.6.3 also contains security fixes up to November 2019. libsass 3.5.5, on the other hand, was released in November 2018, and while Debian's libsass 3.5.5-4 contains some backported security fixes, it only covers security fixes up till May 2019, missing at least CVE-2019-18798 and CVE-2019-18799 which are fixed by libsass 3.6.3.
See also https:/
This will also allow hugo 0.66.0-1 which requires libsass 3.6.3-1 (via golang-
Note that the following packages which depend on libsass will need to be sync'ed from Debian too to build/autopkgtest successfully with libsass 3.6.3-1, namely:
* sassc 3.6.1-2 (upstream version for libsass 3.6.x)
* ruby-sassc 2.2.1-1 (upstream version for libsass 3.6.x)
* libsass-python 0.19.4-0.1 (upstream version for libsass 3.6.x)
* node-node-sass 4.13.1-3 (embed its included copy of libsass 3.5.5;
upstream has given no timetable for upgrade to libsass 3.6)
Many thanks!
Anthony Fok
| Anthony Fok (foka) wrote | #1 |
| affects: | nginx (Ubuntu) → libsass (Ubuntu) |
| description: | updated |
| Anthony Fok (foka) wrote | #2 |
| tags: | added: focal |
| Changed in libsass (Ubuntu): | |
| status: | New → Fix Released |
