
Re: Marking CVE-2021-23369/{node,libjs}-handlebars are no-dsa for all suites



Hi again,

On Fri, Apr 16, 2021 at 1:31 PM Utkarsh Gupta <utkarsh@debian.org> wrote:
> After discussing a bit with Yadd (CC'ed here), it seems that
> CVE-2021-23369 affecting node-handlebars for buster and
> libjs-handlebars for stretch and jessie is a bit too intrusive and
> difficult to fix for all the mentioned suites and therefore I am
> marking them as no-dsa (Too intrusive to fix) at the moment.
>
> Please let me know if I shouldn't or something.

Almost before doing that, looks like Yadd has found a way to fix this
for buster at least. Working with him to see if it's backportable to
stretch w/o having the increased risk of regression or something.
Sorry for the noise though.


- u

