Source: php-horde-css-parser
Version: 1.0.11-8
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for php-horde-css-parser.

CVE-2020-13756[0]:
| Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled
| data, possibly leading to remote code execution if the function
| allSelectors() or getSelectorsBySpecificity() is called with input
| from an attacker.

php-horde-css-parser embeds Sabberworm CSS Parser, affected by CVE-2020-13756.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13756
    https://www.cve.org/CVERecord?id=CVE-2020-13756
[1] https://github.com/MyIntervals/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4

Regards,
Salvatore
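
The CVE text above concerns a selector filter that evaluates caller-supplied data. As an added example (not part of the original report and not the upstream patch), the PHP below shows one eval-free way to apply such a filter: the search string is parsed against a strict allowlist and compared with fixed operators. The function names, the "operator plus integer" search format and the sample selectors are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the library's code. Assumption: the search argument is an optional
// comparison operator followed by a non-negative integer, e.g. "> 100". Names are hypothetical.

function parseSpecificitySearch(string $search): array
{
    // Allowlist grammar: anything outside "operator + digits" is rejected outright.
    $pattern = '/\A\s*(===|==|!==|!=|<=|>=|<|>)?\s*(\d{1,9})\s*\z/';
    if (!preg_match($pattern, $search, $m)) {
        throw new InvalidArgumentException('invalid specificity search');
    }
    return [$m[1] !== '' ? $m[1] : '==', (int) $m[2]]; // no operator means exact match
}

function specificityMatches(int $specificity, string $search): bool
{
    [$op, $target] = parseSpecificitySearch($search);
    switch ($op) {
        case '==': case '===':
            return $specificity === $target;
        case '!=': case '!==':
            return $specificity !== $target;
        case '<':
            return $specificity < $target;
        case '<=':
            return $specificity <= $target;
        case '>':
            return $specificity > $target;
        default: // '>=' is the only operator left in the allowlist
            return $specificity >= $target;
    }
}

// Constructed sample data: selector text => specificity value.
$selectors = ['#main .nav a' => 111, '.nav a' => 11, 'a' => 1];

foreach (['> 10', '11', '10 extra'] as $search) {
    try {
        $hits = array_keys(array_filter(
            $selectors,
            function (int $s) use ($search): bool { return specificityMatches($s, $search); }
        ));
        echo $search, ' => ', implode(', ', $hits), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $search, ' => rejected', PHP_EOL;
    }
}
```

The malformed third input is refused before any comparison runs, so no part of the caller's string is ever interpreted as code.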