Hi all, I pushed an MR[1] to fix this CVE tagged as "high" and also CVE-2018-19827 (medium), CVE-2019-6283 (low), CVE-2019-6284 (low) and CVE-2019-6286 (low) Cheers, Xavier [1]: https://salsa.debian.org/sass-team/libsass/merge_requests/1