subject:"Bug#992114\: bullseye\-pu\: package node\-tar\/6.0.5\+ds1\+\~cs11.3.9\-1\+deb11u1"

Bug#992114: bullseye-pu: package node-tar/6.0.5+ds1+~cs11.3.9-1+deb11u1

2021-10-01 Thread Adam D. Barratt

Control: tags -1 + confirmed On Wed, 2021-08-11 at 22:35 +0200, Yadd wrote: > node-tar is vulnerable to 2 CVE: > * #992110, CVE-2021-32803: arbitrary File Creation/Overwrite >vulnerability via insufficient symlink protection > * #992111, CVE-2021-32804: arbitrary File Creation/Overwrite >

Bug#992114: bullseye-pu: package node-tar/6.0.5+ds1+~cs11.3.9-1+deb11u1

2021-08-11 Thread Yadd

Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] node-tar is vulnerable to 2 CVE: * #992110, CVE-2021-32803: arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection * #992111,