subject:"Bug#992117\: buster\-pu\: package node\-tar\/4.4.6\+ds1\-3\+deb10u1"

Bug#992117: buster-pu: package node-tar/4.4.6+ds1-3+deb10u1

2021-09-30 Thread Adam D. Barratt

Control: tags -1 + confirmed On Thu, 2021-08-12 at 00:11 +0200, Yadd wrote: > node-tar is vulnerable to 2 CVE: > * #992110, CVE-2021-32803: arbitrary File Creation/Overwrite >vulnerability via insufficient symlink protection > * #992111, CVE-2021-32804: arbitrary File Creation/Overwrite >

Bug#992117: buster-pu: package node-tar/4.4.6+ds1-3+deb10u1

2021-08-11 Thread Yadd

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] node-tar is vulnerable to 2 CVE: * #992110, CVE-2021-32803: arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection * #992111,