Bug#1108866: unblock: node-tar-fs/3.0.9+~cs2.0.4-1

To: Salvatore Bonaccorso <carnil@debian.org>, 1108866@bugs.debian.org
Subject: Bug#1108866: unblock: node-tar-fs/3.0.9+~cs2.0.4-1
From: Yadd <yadd@debian.org>
Date: Sun, 6 Jul 2025 17:32:30 +0200
Message-id: <[🔎] eebd83c3-7d0b-4ce8-a047-ed2f6e7c7eb5@debian.org>
Reply-to: Yadd <yadd@debian.org>, 1108866@bugs.debian.org
In-reply-to: <[🔎] 175181024763.3499880.4282457242897464921.reportbug@eldamar.lan>
References: <[🔎] 175181024763.3499880.4282457242897464921.reportbug@eldamar.lan> <[🔎] 175181024763.3499880.4282457242897464921.reportbug@eldamar.lan>

On 7/6/25 15:57, Salvatore Bonaccorso wrote:

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: node-tar-fs@packages.debian.org, Yadd <yadd@debian.org>, team@security.debian.org, carnil@debian.org
Control: affects -1 + src:node-tar-fs
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Yadd, hi release team

node-tar-fs in trixie in vulnerable to CVE-2025-48387. The version
uploaded to unstable, node-tar-fs/3.0.9+~cs2.0.4-1 fixes the issue,
ubt cannot migrate automatically as it is a key package.

Yadd, was is your take on it?

Regards,
Salvatore

Hi,

I sent the whole explanation into #1108872. Thanks to have seen thismissing migration


Best regards,
Xavier

Reply to:

References:
- Bug#1108866: unblock: node-tar-fs/3.0.9+~cs2.0.4-1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#1108874: unblock: node-package-json/8.1.1-2
Next by Date: Bug#1108497: marked as done (unblock: pam/1.7.0-5)
Previous by thread: Processed: unblock: node-tar-fs/3.0.9+~cs2.0.4-1
Next by thread: Bug#1108866: marked as done (unblock: node-tar-fs/3.0.9+~cs2.0.4-1)
Index(es):
- Date
- Thread