Bug#992114: bullseye-pu: package node-tar/6.0.5+ds1+~cs11.3.9-1+deb11u1

To: Yadd <yadd@debian.org>, 992114@bugs.debian.org
Subject: Bug#992114: bullseye-pu: package node-tar/6.0.5+ds1+~cs11.3.9-1+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 01 Oct 2021 20:39:56 +0100
Message-id: <[🔎] d7c0307b3170e8d069da3418affa0ef0a666758e.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 992114@bugs.debian.org
In-reply-to: <162871413674.2878163.8975900597349884895.reportbug@deb007.xnr.fr>
References: <162871413674.2878163.8975900597349884895.reportbug@deb007.xnr.fr> <162871413674.2878163.8975900597349884895.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Wed, 2021-08-11 at 22:35 +0200, Yadd wrote:
> node-tar is vulnerable to 2 CVE:
>  * #992110, CVE-2021-32803: arbitrary File Creation/Overwrite
>    vulnerability via insufficient symlink protection
>  * #992111, CVE-2021-32804: arbitrary File Creation/Overwrite
>    vulnerability due to insufficient absolute path sanitization
> 

Please go ahead; sorry for the delivery.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#992114: bullseye-pu: package node-tar/6.0.5+ds1+~cs11.3.9-1+deb11u1
Next by Date: Bug#992331: bullseye-pu: package keystone/18.0.0-3+deb11u1 (CVE-2021-38155)
Previous by thread: Processed: Re: Bug#993639: bullseye-pu: package pyx3/0.15-3+deb11u1
Next by thread: Processed: Re: Bug#992114: bullseye-pu: package node-tar/6.0.5+ds1+~cs11.3.9-1+deb11u1
Index(es):
- Date
- Thread