-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6013-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : node-tar-fs CVE ID : CVE-2025-59343 It was discovered that the symlink validation in node-tar-fs, a Node.js module that provides filesystem-like access to tar files, could be bypassed. For the oldstable distribution (bookworm), this problem has been fixed in version 2.1.3-0+deb12u2. For the stable distribution (trixie), this problem has been fixed in version 3.0.9+~cs2.0.4-1+deb13u1. We recommend that you upgrade your node-tar-fs packages. For the detailed security status of node-tar-fs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-tar-fs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjZP28ACgkQEMKTtsN8 TjYF4Q/+PjEBnwuwx4pj4bgbxd4WMIdYBgrcHFeuC1UFWlw8FmP13DN4W87OwFNf kJPVW3hcNQIaSj5KhCzK9WOx/2v63vLCyLYh28PeqBu0glFafp+OtMJB8jm8D5+6 K5mvFC886BJHZxXH5drTs12+V4U8RSpAttTemCIylG8ZZ72aDxernnJsByNrNTai XAUWrwdw+WonYV/J+SUIqkM6AhmfNpq9a7PRdCkb45UlsUTc7pZHCJyoinM4vzvE wPOcuaVBwlCSioZvv74cBA+k1Yobo03lffTdcV4fx6KWaSaorb4vM3B+blFF5Ixg e0O+yaC/iRcvizCUF56K/JaR8u22nDM0BXRQBo4XcTYAm4H0qBSCBC0lzNTdhimI wEuD1GOLDbXtZEwbOqvC4FE1FGnBScl+EIiqkIpC0KEYekmT3hQUnqWynZy8Q0jF TwejUaVh4w9y/LOABAn3cR2HNP+JqvywQ/DrmF9vTaM5cZWel0J/0gSr9Cc1l/TF 4xKbCOLV/MWID6W/AVf11LEEOA43vwpyOYHsseiN29NR4FlSMJVBRDay1GjafYh9 RpteAeAllA2UdCWBCaRkeflW44HiTZ9u+y6SU19aCQuRXPCKk57q3KEtI/P2nJcH g5lGZe6ZXMqJsewVCu5XH9aKCqwbZnKP+MTcR1eyT3M70GLqi0Q= =YPYa -----END PGP SIGNATURE-----
