Debian Linux Security Advisory 4883-1 - It was discovered that missing input sanitising in the template() function of the Underscore JavaScript library could result in the execution of arbitrary code.
c0b2dfa2b994cca132b9bed945a3e229ea9da1d689d20e73ba313f909884cb9e