[SECURITY] [DLA 4268-1] node-tmp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4268-1] node-tmp security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 11 Aug 2025 13:33:44 +0300
Message-id: <[🔎] aJnHCA7pe3Z9Dfli@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4268-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
August 11, 2025                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-tmp
Version        : 0.2.1+dfsg-1+deb11u1
CVE ID         : CVE-2025-54798
Debian Bug     : 1110532

Arbitrary file write has been fixed in node-tmp,
a temporary file and directory creator for Node.js.

For Debian 11 bullseye, this problem has been fixed in version
0.2.1+dfsg-1+deb11u1.

We recommend that you upgrade your node-tmp packages.

For the detailed security status of node-tmp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-tmp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmiZxwQACgkQiNJCh6LY
mLGIohAAoh4y1Q+T48mlhCYOa9ZHt14G6zKgrRoVekdAlUPyTYRzBzV/msZrAVhU
lz/VReiUIOUXtX/686kE5SzM/NAhPXE1WvQfP9pkP25tFxaLZGnZlnZI7F6WTEhe
bOg4JZjBz0+sTSj7tT/BvGroZvSn1x+/pzZVQvsfuZrBBRoK0o0OhLGhoqNrjydi
yfUh/itPx2YySEPTMd17o7JSoDLa1zqhHfe7WiGCzYmTnzI7BLVLuhVthw46/UFx
mYHHhu9cvaDp1MP/1UU52GeQK7o+s6Boes0hzVp17Kb+aTNI+wpZQO1dNEykS3HH
w/9CQEupFDEVxU/MmlTbw0WdPXl77uvnM2g8XxM7crtZA/ZQBvDe68qYhFLVG8HD
a83wCgBiYoUhslUxFTbVE6P7U3EpNdLB4YtRXOwpKJun30G3MHpPLNEnD8TQW/iK
b0r9q7JjEPtDR1nSzV/DDLTga01nf+5NCUNvLyIZFkT3HIJdszJVcIJB39FVRC9i
zbuRRv56ziyQVb9RG8VWC2YkhYUJyfFyhTi1oqcVojr113ivQX/lbQI+nPnvUQ1f
nK2ES4D2Ln+sQBOtbP8wo1DyRsW8GHFczveCE+JAH4M+cZegYCVtCttCOWoScwCs
luJ3sMSppHKpZdKmzMNyImQF3w26lINUF4+5p4a4lMgSxap21dA=
=HUEV
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4266-1] distro-info-data database update
Next by Date: [SECURITY] [DLA 4269-1] ca-certificates-java bugfix update
Previous by thread: [SECURITY] [DLA 4266-1] distro-info-data database update
Next by thread: [SECURITY] [DLA 4269-1] ca-certificates-java bugfix update
Index(es):
- Date
- Thread