-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2613-1 [email protected] https://www.debian.org/lts/security/ Yadd March 31, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : underscore Version : 1.8.3~dfsg-1+deb9u1 CVE ID : CVE-2021-23358 Debian Bug : 986171 node-underscore and libjs-underscore are vulnerable to Arbitrary Code Execution via the template function, particulary when a variable property is passed as an argument as it is not sanitized. For Debian 9 stretch, this problem has been fixed in version 1.8.3~dfsg-1+deb9u1. We recommend that you upgrade your underscore packages. For the detailed security status of underscore please refer to its security tracker page at: https://security-tracker.debian.org/tracker/underscore Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmBk5LoACgkQ9tdMp8mZ 7umtVQ//fRiLcAxLAabtOa7Z5GxIK/jY6nkg/W2yw7f8462TN13fashAZ3YyexLa brqULPrns6ru/N5EDTk4Ft+WAC6hYkbc5QMo1xOQZimmNq52srRtoNzrbuE6sCzw XaNaiNKMaCR6SM3DhCysaS5ZOPAjx8+O2Zo5LBYu33Oi7uO5I7Bf1rUez+i+MCz/ zxQHYggGkPPWc5/OakVGWaOA0NnP9DnUCebtBIAFuiswVyExfeljjTRea5AK96jw oGX0K8SKEw/IKKCsxZ91cVP6PMnsbLauywtcu5Xjn5nfC2yrEcyijdHI5oQju54D GE/bDsorhOgPMNixz0EkbpS7UQGz6GhKHw6UpS9fSVsWEotQyt8gZT4qb8+Qz2wO Pkw0eTeEgk0gC/ga8CUH1vYe9ND32kYIc6yT/pB2gpcCgav9PkA1OmNxO+kvXQrY 4EiSQVP26jxk0IK7FRKhYJDPVJem4tieg1z/dpQt/DpRb6TH6GaI5CkLoVNFr3AC 8CSAAB4QQeFdWNS4UwcpKgPmFrB/w482G3eQ/+F9ZCL1P7sMID8LjxGKVPbfhlXH alQQKk9gRxpM9/vg+g8sVxf3ynJtnyA3SKvcs55mz7bKtl3cL7bIPrHmORvCkn30 OpK8SzafuIAmYCnmADSiSVkG9g5lr1s5imyEeawojLH53gv0LoQ= =nVK6 -----END PGP SIGNATURE-----
