Bug#987042: buster-pu: package node-handlebars/4.1.0-1+deb10u3

To: Yadd <yadd@debian.org>, 987042@bugs.debian.org
Subject: Bug#987042: buster-pu: package node-handlebars/4.1.0-1+deb10u3
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 19 Apr 2021 20:02:06 +0100
Message-id: <[🔎] 88bc879d109f23ceb19f33d2107dddd9659d0029.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 987042@bugs.debian.org
In-reply-to: <[🔎] 161856244560.3457477.14445451952454643984.reportbug@deb007.xnr.fr>
References: <[🔎] 161856244560.3457477.14445451952454643984.reportbug@deb007.xnr.fr> <[🔎] 161856244560.3457477.14445451952454643984.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Fri, 2021-04-16 at 10:40 +0200, Yadd wrote:
> node-handlebars is vulnerable to Arbitrary Code Execution and Remote
> Code Execution (CVE-2019-20920 and CVE-2021-23369)
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#987042: buster-pu: package node-handlebars/4.1.0-1+deb10u3
  - From: Yadd <yadd@debian.org>

Prev by Date: Processed: Re: Bug#987042: buster-pu: package node-handlebars/4.1.0-1+deb10u3
Next by Date: Bug#987048: buster-pu: package node-glob-parent/3.1.0-1+deb10u1
Previous by thread: Processed: Re: Bug#987042: buster-pu: package node-handlebars/4.1.0-1+deb10u3
Next by thread: Bug#987042: node-handlebars 4.1.0-1+deb10u3 flagged for acceptance
Index(es):
- Date
- Thread