-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4883-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 01, 2021                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : underscore
CVE ID         : CVE-2021-23358
Debian Bug     : 986171

It was discovered that missing input sanitising in the template()
function of the Underscore JavaScript library could result in the
execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 1.9.1~dfsg-1+deb10u1.

We recommend that you upgrade your underscore packages.

For the detailed security status of underscore please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/underscore

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBmJWEACgkQEMKTtsN8
TjboABAAkxP1AwRuR7kcAVZboP7QZ6QGM34HNxdP8qXVoJcAYB2rHHKOU6u2MzYv
UII4dxZELsUWWGINKvVQITxlchvowvwxgtOEOrxd3nYnXMCin+kiiCibO6HLvQX3
lUgxtSvWEg109CZ7MHSGydy46WETeuCBilg6Hm0u9ZtJhMhP4nzOwmQtGc7GxQR+
sV66TvFDF3imr9aW8HOX7+SzMXDwmbE7I3LxRvS9CGW36rfTQBZABwFL1/GbHfeM
Aa9JF6yvWsMlmVHj7FwuDpthGKmXYHsJzEFmTl1JoJxI/rjaEDevjCbDKDmqH24a
ZG30Q9HScT6t1E28yEt6/6E5YUF3TmBd/g1SBioigingWMrWLS+pDv8aXZAwUtDp
kBXTuXGHJnSz65Z45WM3P+mgjqaFkjd2nRClXEjNa8vW0b3YefzzP1Hgh7hdcE2U
PhPPMGUZoXZhtgFhu8xXRMHP+/BPncqJEYNVudaXHkrNt1Cq7u7RuVj0orgbcohm
mhfYOhFPN2+fffi4U+1mdw2jap7wX1uo5/urrJFFeGhLF50wq364+nrTIVI1/M1H
UqzWn1MeMthM0T2uoKhdyfMXnMFPSjWlLaDgE251uCa7x7s/luU0RyEkbgHksfSp
wBC3vHvR35CYFm1rCG3RjDkXD7NIKiTYIjIkGzjhDU6NE3XaDfg=
=sg2L
-----END PGP SIGNATURE-----