Bug#992117: buster-pu: package node-tar/4.4.6+ds1-3+deb10u1

To: Yadd <yadd@debian.org>, 992117@bugs.debian.org
Subject: Bug#992117: buster-pu: package node-tar/4.4.6+ds1-3+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 30 Sep 2021 20:40:07 +0100
Message-id: <[🔎] 8a51a57803cdb33f50fd98527366422b8c590460.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 992117@bugs.debian.org
In-reply-to: <162871990464.2945443.15550455421089215339.reportbug@deb007.xnr.fr>
References: <162871990464.2945443.15550455421089215339.reportbug@deb007.xnr.fr> <162871990464.2945443.15550455421089215339.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Thu, 2021-08-12 at 00:11 +0200, Yadd wrote:
> node-tar is vulnerable to 2 CVE:
>  * #992110, CVE-2021-32803: arbitrary File Creation/Overwrite
>    vulnerability via insufficient symlink protection
>  * #992111, CVE-2021-32804: arbitrary File Creation/Overwrite
>    vulnerability due to insufficient absolute path sanitization
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Bug#991811: unblock: libapache2-mod-auth-openidc/2.4.9-1
Next by Date: Processed: Re: Bug#992117: buster-pu: package node-tar/4.4.6+ds1-3+deb10u1
Previous by thread: Processed: Re: Bug#991811: unblock: libapache2-mod-auth-openidc/2.4.9-1
Next by thread: Processed: Re: Bug#992117: buster-pu: package node-tar/4.4.6+ds1-3+deb10u1
Index(es):
- Date
- Thread