Accepted node-tar 4.4.6+ds1-3+deb10u2 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 12 Dec 2022 03:26:51 +0100
Source: node-tar
Architecture: source
Version: 4.4.6+ds1-3+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 993981
Changes:
node-tar (4.4.6+ds1-3+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2021-37701, CVE-2021-37712: Arbitrary File Creation/Overwrite via
insufficient symlink protection due to directory cache poisoning using
symbolic links. (Closes: #993981)
Checksums-Sha1:
12edbb9cdb13cbbe3ee09fe2868f58c9d3dc7562 2959 node-tar_4.4.6+ds1-3+deb10u2.dsc
89181bba1593d80beac8e34bd9cb53f83f143835 19923 node-tar_4.4.6+ds1.orig-fs-minipass.tar.gz
e606be18cd38e18a3cbd3194f4260c0a5d98bc93 26230 node-tar_4.4.6+ds1.orig-minipass.tar.gz
3726d2be7f2d31060794b4799c4267c22864e921 70906 node-tar_4.4.6+ds1.orig-minizlib.tar.gz
5c6401cae770132db41dae7c7bfbd1ee854ee311 117354 node-tar_4.4.6+ds1.orig.tar.gz
97d0bfaf81350fb34320c99e781d8b48a86f48de 13472 node-tar_4.4.6+ds1-3+deb10u2.debian.tar.xz
111cea07d33a94bb3aec945d02f3bc73167d889a 10334 node-tar_4.4.6+ds1-3+deb10u2_amd64.buildinfo
Checksums-Sha256:
562af14b36d02a5818456b40147e638236f1db8578e0898d8f0080a0b9865551 2959 node-tar_4.4.6+ds1-3+deb10u2.dsc
4e269ade84962245bc406307bfca5b17f133aa7b3ffef0ec20e1da0146ea16e5 19923 node-tar_4.4.6+ds1.orig-fs-minipass.tar.gz
f0d416e13e154cce83a4b182b72500f842690261fee733881dec674afe4dcf3a 26230 node-tar_4.4.6+ds1.orig-minipass.tar.gz
56cb3562401292012ba7b5dbd09050ae985123b54826695af5a5999a54ee0d02 70906 node-tar_4.4.6+ds1.orig-minizlib.tar.gz
00203ae70ae683af8af8f7d78e5f136c8849cadf1e06c2adcbc3a3543899e9e8 117354 node-tar_4.4.6+ds1.orig.tar.gz
c9211f6a76003b89356b3cbba93c8eca94c01bded59c9f5bd667283c703c49b2 13472 node-tar_4.4.6+ds1-3+deb10u2.debian.tar.xz
3ede9fe063d3fc9903c6eb01359f5d9a49e3d04ec95c16c40784591660643570 10334 node-tar_4.4.6+ds1-3+deb10u2_amd64.buildinfo
Files:
02b83e7b101ea42988a62a887d372317 2959 javascript optional node-tar_4.4.6+ds1-3+deb10u2.dsc
d4c190fefc77b35ca2fb3c4cd4905fa3 19923 javascript optional node-tar_4.4.6+ds1.orig-fs-minipass.tar.gz
e1803c19a9cae3399b4f15fdd0a5728a 26230 javascript optional node-tar_4.4.6+ds1.orig-minipass.tar.gz
27291df62baca70aab0597e2eab98c0a 70906 javascript optional node-tar_4.4.6+ds1.orig-minizlib.tar.gz
4185236c078385fac2dbec242a3ad13d 117354 javascript optional node-tar_4.4.6+ds1.orig.tar.gz
45e57754273b3dd5300b559d44963abb 13472 javascript optional node-tar_4.4.6+ds1-3+deb10u2.debian.tar.xz
d90cc9e51a2abbb929f76ec1bf259bc8 10334 javascript optional node-tar_4.4.6+ds1-3+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmOXG+EACgkQ05pJnDwh
pVK2zw//U3yFu6pEFCYISCbYzgds9w1K3nLX1Nzy7MyLJWXz+Hvh6UevxjSadcBV
sgQCsQ7eCCIf4l65zIwo1WqvHrghWKSkcAQwELaZoOP5YXr+N74rDWIOxpDrK2I5
K5OfjJppl42cZKiOGuET9km37faFCWSeaBGwf01DDAq37iMHb819TrK2FdpyQK00
Eerzwha6MUZD0TV/QX9NBxSEux/REER0Y0bFweCjrzttbo/iLxN5lKefmv8OfRca
l46ju6JvaByD3B6rPMDvcQNSa+7sF6pWdwkN3XI5ow1+WLprRc8YxnF8OnowKWR4
KnS44riR4qdXXkqgbFr0rypjtb+EBYrliQ86ZZ+Ne94oYOlv6AoM2g0G/yX8VWC5
m2sJ8IHbjJMQMzZl/+Ggqv4Lhd8nyEnquzvzQiVzwVNR1i+/kDVannMzfnGFIYii
Q9fvWX14k0LhOIVCXxOFW7gSzR4m/4DhuH1JxOkJfDOZniRz1u76wG2Cwz4MXv95
Vrs8yV2XAhmlhprSyM11L0/cklRn3Zp57mR7N+qvc2f6n7Q5wQVqnhH/vCkgNT4S
HhIJOMdOPdnD9wqyGstXlwbuORwWKOvx39l9onNaVsQtW4cXFHMM8aXnYpz358be
7pob9A24GD+ggApuPtIiDXe83qB6NQdJT+eWm+1LMMCB2wdNz88=
=614t
-----END PGP SIGNATURE-----
Reply to: