Bug#1107568: bookworm-pu: package node-tar-fs/2.1.3-0+deb12u1

To: Adrian Bunk <bunk@debian.org>, 1107568@bugs.debian.org
Cc: security@debian.org
Subject: Bug#1107568: bookworm-pu: package node-tar-fs/2.1.3-0+deb12u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 10 Jun 2025 20:52:30 +0200
Message-id: <[🔎] aEh-7hwKXAdoQ9i7@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1107568@bugs.debian.org
In-reply-to: <[🔎] 174950083287.1723463.4822215054425540703.reportbug@localhost>
References: <[🔎] 174950083287.1723463.4822215054425540703.reportbug@localhost> <[🔎] 174950083287.1723463.4822215054425540703.reportbug@localhost>

Control: tags -1 - moreinfo

Hi Adrian,

On Mon, Jun 09, 2025 at 11:27:12PM +0300, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: security@debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
> 
>   * New upstream release.
>     - CVE-2024-12905: symlink path traversal (Closes: #1101501)
>     - CVE-2025-48387: hardlink path traversal
> 
> The two new upstream releases contain each just one CVE fix.
> 
> Tagged moreinfo, as question to the security team whether they want
> this in pu or as DSA.

bookworm-pu is fine, thanks!

Regards,
Salvatore

Reply to:

References:
- Bug#1107568: bookworm-pu: package node-tar-fs/2.1.3-0+deb12u1
  - From: Adrian Bunk <bunk@debian.org>

Prev by Date: Bug#1107611: marked as done (unblock: pdfarranger/1.11.1-3)
Next by Date: Processed: Re: Bug#1107568: bookworm-pu: package node-tar-fs/2.1.3-0+deb12u1
Previous by thread: Bug#1107568: bookworm-pu: package node-tar-fs/2.1.3-0+deb12u1
Next by thread: Processed: Re: Bug#1107568: bookworm-pu: package node-tar-fs/2.1.3-0+deb12u1
Index(es):
- Date
- Thread