Disallow parent selector in selector_fns arguments (Fixes #2779)

[glebm]

Fixes #2779

sass-spec: sass/sass-spec#1320

[xzyfer]

Can you please rebase this on master.

[glebm]

Rebased

[glebm]

Ah, have to rebase the sass-spec PR as well for CI to pass

[rasendubi]

Hey guys! I'm trying to fix the CVE-2018-19797 on NixOS. As far as I know, this PR is the only available patch and it does not apply to 3.5.5 release. (There were no src/fn_utils.cpp.)

Would you like to backport the patch to 3.5.x? Releasing a new patch version would be even more awesome 🙂

[xzyfer]

There are no plans for a new 3.5 release at this time.

…

On Fri., 28 Dec. 2018, 10:42 am Alexey Shmalko ***@***.*** wrote: Hey guys! I'm trying to fix the CVE-2018-19797 <https://nvd.nist.gov/vuln/detail/CVE-2018-19797> on NixOS. As far as I know, this PR is the only available patch and it does not apply to 3.5.5 release. (There were no src/fn_utils.cpp.) Would you like to backport the patch to 3.5.x? Releasing a new patch version would be even more awesome 🙂 — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#2780 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAjZWG0BE4ECKy_pAU1fJ7gY3Ntpl55Nks5u9VrSgaJpZM4Y9dQj> .

[risicle]

There are no plans for a new 3.5 release at this time.

Well, that's nice but meanwhile it's six months since any release of this library, leaving users with >3 unpatched CVEs.