• [SECURITY] [DSA 4883-1] underscore security update

    From Moritz Muehlenhoff@21:1/5 to All on Thu Apr 1 22:00:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4883-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
    April 01, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : underscore
    CVE ID : CVE-2021-23358
    Debian Bug : 986171

    It was discovered that missing input sanitising in the template()
    function of the Underscore JavaScript library could result in the
    execution of arbitrary code.

    For the stable distribution (buster), this problem has been fixed in
    version 1.9.1~dfsg-1+deb10u1.

    We recommend that you upgrade your underscore packages.

    For the detailed security status of underscore please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/underscore

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBmJWEACgkQEMKTtsN8 TjboABAAkxP1AwRuR7kcAVZboP7QZ6QGM34HNxdP8qXVoJcAYB2rHHKOU6u2MzYv UII4dxZELsUWWGINKvVQITxlchvowvwxgtOEOrxd3nYnXMCin+kiiCibO6HLvQX3 lUgxtSvWEg109CZ7MHSGydy46WETeuCBilg6Hm0u9ZtJhMhP4nzOwmQtGc7GxQR+ sV66TvFDF3imr9aW8HOX7+SzMXDwmbE7I3LxRvS9CGW36rfTQBZABwFL1/GbHfeM Aa9JF6yvWsMlmVHj7FwuDpthGKmXYHsJzEFmTl1JoJxI/rjaEDevjCbDKDmqH24a ZG30Q9HScT6t1E28yEt6/6E5YUF3TmBd/g1SBioigingWMrWLS+pDv8aXZAwUtDp kBXTuXGHJnSz65Z45WM3P+mgjqaFkjd2nRClXEjNa8vW0b3YefzzP1Hgh7hdcE2U PhPPMGUZoXZhtgFhu8xXRMHP+/BPncqJEYNVudaXHkrNt1Cq7u7RuVj0orgbcohm mhfYOhFPN2+fffi4U+1mdw2jap7wX1uo5/urrJFFeGhLF50wq364+nrTIVI1/M1H UqzWn1MeMthM0T2uoKhdyfMXnMFPSjWlLaDgE251uCa7x7s/luU0RyEkbgHksfSp wBC3vHvR35CYFm1rCG3RjDkXD7NIKiTYIjIkGzjhDU6NE3XaDfg=
    =sg2L
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)