-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4883-1
security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
April 01, 2021
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : underscore
CVE ID : CVE-2021-23358
Debian Bug : 986171
It was discovered that missing input sanitising in the template()
function of the Underscore JavaScript library could result in the
execution of arbitrary code.
For the stable distribution (buster), this problem has been fixed in
version 1.9.1~dfsg-1+deb10u1.
We recommend that you upgrade your underscore packages.
For the detailed security status of underscore please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/underscore
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBmJWEACgkQEMKTtsN8 TjboABAAkxP1AwRuR7kcAVZboP7QZ6QGM34HNxdP8qXVoJcAYB2rHHKOU6u2MzYv UII4dxZELsUWWGINKvVQITxlchvowvwxgtOEOrxd3nYnXMCin+kiiCibO6HLvQX3 lUgxtSvWEg109CZ7MHSGydy46WETeuCBilg6Hm0u9ZtJhMhP4nzOwmQtGc7GxQR+ sV66TvFDF3imr9aW8HOX7+SzMXDwmbE7I3LxRvS9CGW36rfTQBZABwFL1/GbHfeM Aa9JF6yvWsMlmVHj7FwuDpthGKmXYHsJzEFmTl1JoJxI/rjaEDevjCbDKDmqH24a ZG30Q9HScT6t1E28yEt6/6E5YUF3TmBd/g1SBioigingWMrWLS+pDv8aXZAwUtDp kBXTuXGHJnSz65Z45WM3P+mgjqaFkjd2nRClXEjNa8vW0b3YefzzP1Hgh7hdcE2U PhPPMGUZoXZhtgFhu8xXRMHP+/BPncqJEYNVudaXHkrNt1Cq7u7RuVj0orgbcohm mhfYOhFPN2+fffi4U+1mdw2jap7wX1uo5/urrJFFeGhLF50wq364+nrTIVI1/M1H UqzWn1MeMthM0T2uoKhdyfMXnMFPSjWlLaDgE251uCa7x7s/luU0RyEkbgHksfSp wBC3vHvR35CYFm1rCG3RjDkXD7NIKiTYIjIkGzjhDU6NE3XaDfg=
=sg2L
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)