Control: tags -1 + confirmed For some reason, the initial request here doesn't seem to have made it to the debian-release list.
On Sat, 2021-01-23 at 08:32 +0000, Thorsten Alteholz wrote: > The attached debdiff for highlight.js fixes CVE-2020-26237 in Buster. > > Meanwhile it is marked as no-dsa by the security team. > > The same fix is already applied to 9.18.1+dfsg1-3, which was uploaded > to unstable in December and no regression showed up. Please go ahead. Regards, Adam
