[SECURITY] [DLA 4214-1] node-tar-fs security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4214-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
June 11, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : node-tar-fs
Version : 2.1.3-0+deb11u1
CVE ID : CVE-2024-12905 CVE-2025-48387
Debian Bug : 1101501
Path traversal has been fixed in node-tar-fs, a Node.js module that
provides filesystem-like access to tar files.
CVE-2024-12905
symlink path traversal
CVE-2025-48387
hardlink path traversal
For Debian 11 bullseye, these problems have been fixed in version
2.1.3-0+deb11u1.
We recommend that you upgrade your node-tar-fs packages.
For the detailed security status of node-tar-fs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-tar-fs
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmhJ7ckACgkQiNJCh6LY
mLHBew//diGXAfDXbuVlwkY8Nq1JrSVZjOaQo+zA9I11AIIgrP4TMRW7EWcV9jlu
ql5tmf26dWLNf0YLwSCck7tzFlvzuZZCnH2LCr5IK3PaYImTPzG3WBPt/xJH7avV
2Ht/2gQTg+THk6x+d42okH2o1ycE/YjgnTc9X9ge8quSWYb0XjuRKpCrOQ/QE+7q
64BLX0snpD+R1nJg9+lSCBX/55sl1RNGWqpDflkGa78c/ErvMzmZ/Fin+310oaCi
ZgjBgoeBueSLMA6WkydLeEE8RAfshUJKvgtmSqp0bzLbH8fv+fKU9vskKVKLNraX
74FVx+6rQwsWzn6uuoWwsaAIDCmMQx2IW7dLNd7A0le+UV28FkL4iPb+M1C6oGMk
rQigoQCxYn0tXnAKiHxI1ad8vo0YbSMMqCmjuylp4bvA5YFvlO3jCsMowZoXemqh
0bEkovRYlVT6c5jCYrWUxcvDTWLFTmTjk62ydASFqJMM7ZPoBTO2b6OFwGeTEM8k
mo6Qvh87I/xb15HR9NPlf2FPiAF04XuxIxtHXuY3if9O+swlg7wOQhmQhIhrp8xb
BhNGXFFJ/zbzK20JWSO5/RLICNw+aGOeqiIPJLn/3BN92hO/KQMQOcjRbGWVFPMV
4Q7qeI90rJc8eaq+4zoO8l01Ml2pLl85B/o3VdkIZL8fzH5FVbo=
=/Af3
-----END PGP SIGNATURE-----
Reply to: