Hi again, On Fri, Apr 16, 2021 at 1:31 PM Utkarsh Gupta <utka...@debian.org> wrote: > After discussing a bit with Yadd (CC'ed here), it seems that > CVE-2021-23369 affecting node-handlebars for buster and > libjs-handlebars for stretch and jessie is a bit too intrusive and > difficult to fix for all the mentioned suites and therefore I am > marking them as no-dsa (Too intrusive to fix) at the moment. > > Please let me know if I shouldn't or something.
Almost before doing that, looks like Yadd has found a way to fix this for buster at least. Working with him to see if it's backportable to stretch w/o having the increased risk of regression or something. Sorry for the noise though. - u
