Re: Marking CVE-2021-23369/{node,libjs}-handlebars are no-dsa for all suites

To: Debian LTS <debian-lts@lists.debian.org>, Debian Extended LTS contributors <extended-lts-team@freexian.com>
Cc: Xavier <yadd@debian.org>, Chris Lamb <lamby@debian.org>, Debian Security Team <team@security.debian.org>
Subject: Re: Marking CVE-2021-23369/{node,libjs}-handlebars are no-dsa for all suites
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sun, 18 Apr 2021 18:00:36 +0530
Message-id: <[🔎] CAPP0f97-RPK82J-NmKavZ-TMj+tuHTJVOR5uT6wg63uu22hcnw@mail.gmail.com>
In-reply-to: <[🔎] CAPP0f95XycrPZ+TK5acFxxg684Ew8KZeJcoDVLLax29fLd2VVg@mail.gmail.com>
References: <[🔎] CAPP0f95bHg5vmWPDNgMuzQYVxapb46VH2tO6SA2UTB6h9qxaRA@mail.gmail.com> <[🔎] CAPP0f95XycrPZ+TK5acFxxg684Ew8KZeJcoDVLLax29fLd2VVg@mail.gmail.com>

Hello,

On Fri, Apr 16, 2021 at 2:27 PM Utkarsh Gupta <utkarsh@debian.org> wrote:
> Almost before doing that, looks like Yadd has found a way to fix this
> for buster at least. Working with him to see if it's backportable to
> stretch w/o having the increased risk of regression or something.

Unfortunately, this isn't a viable option and hence marked the two
issues for libjs-handlebars as ignored for both, stretch and jessie.

- u

Reply to:

References:
- Marking CVE-2021-23369/{node,libjs}-handlebars are no-dsa for all suites
  - From: Utkarsh Gupta <utkarsh@debian.org>
- Re: Marking CVE-2021-23369/{node,libjs}-handlebars are no-dsa for all suites
  - From: Utkarsh Gupta <utkarsh@debian.org>

Prev by Date: Re: Match ecosystems with limited support in debian-security-support
Next by Date: buster update for jackson-databind
Previous by thread: Re: Marking CVE-2021-23369/{node,libjs}-handlebars are no-dsa for all suites
Next by thread: Match ecosystems with limited support in debian-security-support
Index(es):
- Date
- Thread