Your message dated Tue, 14 Oct 2025 15:39:02 +0000
with message-id <[email protected]>
and subject line Bug#1104702: fixed in php-horde-css-parser 1.0.11-8.1
has caused the Debian Bug report #1104702,
regarding php-horde-css-parser: CVE-2020-13756 (in embedded Sabberworm CSS
Parser)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1104702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104702
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php-horde-css-parser
Version: 1.0.11-8
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for php-horde-css-parser.
CVE-2020-13756[0]:
| Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled
| data, possibly leading to remote code execution if the function
| allSelectors() or getSelectorsBySpecificity() is called with input
| from an attacker.
php-horde-css-parser embeds Sabberworm CSS Parser, affected by
CVE-2020-13756.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-13756
https://www.cve.org/CVERecord?id=CVE-2020-13756
[1] https://github.com/MyIntervals/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php-horde-css-parser
Source-Version: 1.0.11-8.1
Done: Andreas Henriksson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
php-horde-css-parser, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Henriksson <[email protected]> (supplier of updated php-horde-css-parser
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 14 Oct 2025 09:06:29 +0000
Source: php-horde-css-parser
Architecture: source
Version: 1.0.11-8.1
Distribution: unstable
Urgency: medium
Maintainer: Horde Maintainers <[email protected]>
Changed-By: Andreas Henriksson <[email protected]>
Closes: 1089771 1104702
Changes:
php-horde-css-parser (1.0.11-8.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Remove non-existent verbose flag from phpunit autopkgtest (Closes:
#1089771)
* Add debian/patches/CVE-2020-13756.patch (Closes: #1104702)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---