[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Marking CVE-2021-23369/{node,libjs}-handlebars are no-dsa for all suites

Hi again,

On Fri, Apr 16, 2021 at 1:31 PM Utkarsh Gupta <utkarsh@debian.org> wrote:
> After discussing a bit with Yadd (CC'ed here), it seems that
> CVE-2021-23369 affecting node-handlebars for buster and
> libjs-handlebars for stretch and jessie is a bit too intrusive and
> difficult to fix for all the mentioned suites and therefore I am
> marking them as no-dsa (Too intrusive to fix) at the moment.
> Please let me know if I shouldn't or something.

Almost before doing that, looks like Yadd has found a way to fix this
for buster at least. Working with him to see if it's backportable to
stretch w/o having the increased risk of regression or something.
Sorry for the noise though.

- u

Reply to: