it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4883-1] underscore security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4883-1] underscore security update
Date: Thu, 1 Apr 2021 19:56:52 +0000
Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/20210401195652.GB19539 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=sqHURFS4dhWJbmALFY95KE02ieRoG8kyrcvRQWcp4cw=; b=Fk oaE78Y4MX0irLw2TfsZoIyjhQvuTYHyk/Az8U+XgfWU+TfjAvB8ZmW5Tn7n1T6uLDHfrnpViEbbOy Efq71COTzDxR2e/tKZ3em9vV+fE+LjXFDP8kaFp8ceVU5Yziy8H4izw1cof9bIHbs+2ePQWqa+6cO GJXXRUVbI7b2ykMtEnlCT4xiPEEd1Np4Ad/WPmF5xcaQh6hKsTIpKwVpLa6Dk1Lu4ZGl4NihIw8+k CADPsngciDzS8sNeG559DjLthRjadHnmckkckMI73y/O81tBGEUSlWAdQn9bwHyD7zhzJjfcM5zgd hTX+05MwE0cPtSdOd3o1v5vBpgEnWffg==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Thu, 1 Apr 2021 19:57:12 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <PWJLuMQj6sK.A.lt.YWiZgB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4883-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 01, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : underscore
CVE ID : CVE-2021-23358
Debian Bug : 986171

It was discovered that missing input sanitising in the template()
function of the Underscore JavaScript library could result in the
execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 1.9.1~dfsg-1+deb10u1.

We recommend that you upgrade your underscore packages.

For the detailed security status of underscore please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/underscore

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBmJWEACgkQEMKTtsN8
TjboABAAkxP1AwRuR7kcAVZboP7QZ6QGM34HNxdP8qXVoJcAYB2rHHKOU6u2MzYv
UII4dxZELsUWWGINKvVQITxlchvowvwxgtOEOrxd3nYnXMCin+kiiCibO6HLvQX3
lUgxtSvWEg109CZ7MHSGydy46WETeuCBilg6Hm0u9ZtJhMhP4nzOwmQtGc7GxQR+
sV66TvFDF3imr9aW8HOX7+SzMXDwmbE7I3LxRvS9CGW36rfTQBZABwFL1/GbHfeM
Aa9JF6yvWsMlmVHj7FwuDpthGKmXYHsJzEFmTl1JoJxI/rjaEDevjCbDKDmqH24a
ZG30Q9HScT6t1E28yEt6/6E5YUF3TmBd/g1SBioigingWMrWLS+pDv8aXZAwUtDp
kBXTuXGHJnSz65Z45WM3P+mgjqaFkjd2nRClXEjNa8vW0b3YefzzP1Hgh7hdcE2U
PhPPMGUZoXZhtgFhu8xXRMHP+/BPncqJEYNVudaXHkrNt1Cq7u7RuVj0orgbcohm
mhfYOhFPN2+fffi4U+1mdw2jap7wX1uo5/urrJFFeGhLF50wq364+nrTIVI1/M1H
UqzWn1MeMthM0T2uoKhdyfMXnMFPSjWlLaDgE251uCa7x7s/luU0RyEkbgHksfSp
wBC3vHvR35CYFm1rCG3RjDkXD7NIKiTYIjIkGzjhDU6NE3XaDfg=
=sg2L
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4883-1] underscore security update, Moritz Muehlenhoff, 01.04.2021

Archiv bereitgestellt durch MHonArc 2.6.24.