-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Nov 2021 09:00:28 +0100
Source: node-tar
Architecture: source
Version: 6.0.5+ds1+~cs11.3.9-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <
pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Yadd <
yadd@debian.org>
Changes:
node-tar (6.0.5+ds1+~cs11.3.9-1+deb11u2) bullseye-security; urgency=medium
.
* Team upload
* Fix insufficient symlink protection (Closes: CVE-2021-37701)
* Fix arbitrary file creation/overwrite and arbitrary code execution
vulnerability (Closes: CVE-2021-37712)
* Don't apply umask when uncompressing to avoid creating world writable
directories
Checksums-Sha1:
1096e38cfb7681045c783c3ec02ba791508f258c 3602 node-tar_6.0.5+ds1+~cs11.3.9-1+deb11u2.dsc
24db077a0a6c3c707c576aa218cc18adef0d34ac 35270 node-tar_6.0.5+ds1+~cs11.3.9.orig-fs-minipass.tar.gz
601a95c4cb1d2976072c1720338de85757fc7a74 50240 node-tar_6.0.5+ds1+~cs11.3.9.orig-minipass.tar.gz
516fc8a8b9661b375ecb00113f1c6165dd43b623 186712 node-tar_6.0.5+ds1+~cs11.3.9.orig-minizlib.tar.gz
d680de60855e7778a51c672b755869a3b8d2889f 6436 node-tar_6.0.5+ds1+~cs11.3.9.orig-types-tar.tar.gz
4584c124b9210e4e1db8dca5ec1a48da8ffd9c93 190376 node-tar_6.0.5+ds1+~cs11.3.9.orig.tar.gz
0dc23bcb54e2d60eaba3fd1c20883a67425a6792 16412 node-tar_6.0.5+ds1+~cs11.3.9-1+deb11u2.debian.tar.xz
Checksums-Sha256:
13a20e64cdabf864fba437341d13d05ffb51358c1a345a0053c34a7e6543634e 3602 node-tar_6.0.5+ds1+~cs11.3.9-1+deb11u2.dsc
83cf7dc113dacdbe3a2d05753edde01c37256cc97167ea5a8086ab85a78f2efd 35270 node-tar_6.0.5+ds1+~cs11.3.9.orig-fs-minipass.tar.gz
496598d78b824ddb3116c4a4fe0123516b318eab820d0ee80cb892ef3ba0c4c9 50240 node-tar_6.0.5+ds1+~cs11.3.9.orig-minipass.tar.gz
296f5e559312e7a4dd871e1cdad27d50d9d0518a548ae870dffb678ff2ecae7e 186712 node-tar_6.0.5+ds1+~cs11.3.9.orig-minizlib.tar.gz
e59a412960136fd1b0a303a7284d849eec4de7658627083058c9caf1ebb28d03 6436 node-tar_6.0.5+ds1+~cs11.3.9.orig-types-tar.tar.gz
042ca18da6d5dfc2c41aa0169abac8ae70497fb5b340c8fe5b71aa47705606d9 190376 node-tar_6.0.5+ds1+~cs11.3.9.orig.tar.gz
9c7f680ad11f0162426f28fd194d099da73afda2b5925aa8ca8fc37326811113 16412 node-tar_6.0.5+ds1+~cs11.3.9-1+deb11u2.debian.tar.xz
Files:
065d86cdcd701735ee95ebba64457738 3602 javascript optional node-tar_6.0.5+ds1+~cs11.3.9-1+deb11u2.dsc
4885211b9cf2f530a54e6a725cc9556f 35270 javascript optional node-tar_6.0.5+ds1+~cs11.3.9.orig-fs-minipass.tar.gz
b49657e3714f92ab73a7deb5aca36f53 50240 javascript optional node-tar_6.0.5+ds1+~cs11.3.9.orig-minipass.tar.gz
389dc4b3f49e5c28a485f2243aa021c6 186712 javascript optional node-tar_6.0.5+ds1+~cs11.3.9.orig-minizlib.tar.gz
50edb82b89a507117b023acd19c4ba44 6436 javascript optional node-tar_6.0.5+ds1+~cs11.3.9.orig-types-tar.tar.gz
9bab2016cc7ba17b4cf688ce8910bde2 190376 javascript optional node-tar_6.0.5+ds1+~cs11.3.9.orig.tar.gz
3ed4e486e92bab65e7407f555c84ce9f 16412 javascript optional node-tar_6.0.5+ds1+~cs11.3.9-1+deb11u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmGNUrYACgkQ9tdMp8mZ 7unx2w/+PCwLIMmPRg9hxkISpNOoqE06Cm4RhmwlNAkDd8LJedTz5nRhFxvQ/EvM QsOSl1kAdrrfWSc/CNmMIL8RouKxue6s32m9sZ5QxHTrc1E7cTAHObA1u3URC0Bo FbL4G5eAOJBtC2+IPbAOJBxFHh660rOmdtyxp6oxmD43nnHfSFB4qGBHijuyrnXQ HOF+3FfV0lg66WY3vsMrLQdofuA5Js4Pr7ATlh/hzBJmsXcx9Sx8vTI1JQpCVkMe BXmJSAIbgxyIexPnLRx+S33ONjNHEnJb3pwkUrbNhz1omoBvE4yy6mHT/hA2/E7y ylohD+S0vjPb78HX7xH9WMs3Oid8ey7E+FU/PgwoowvppMfB0qBC95SkBQAmuPa/ 3J8YcbatTlgrZc3IQNEda0dZ+dyiSOyru0Qmvn3jr3AmQLasiPUdzvRJdv38HkmW EEI0cgpSj4bjAhk/8n/Olw3n2T23rKhp2YmTDQoSCUEtwBiiTDu5wlG2SihX6qRO qfBs5Wv9qT7S4sWPWgfeFPsWVXBJ+cJYZ9wLf7v0dm6lvHyDan5CmtVCtmobfeBb j9MjYm1T+FpnrWPO+M1tgb7fvGVL28MJKDDj90N0VXnsZR5OrJ1AQ60IRans/gFs FmHkq/Ss2F9Kg3icm41d11mh1Mjb3K88CLN5s8Ou0myM/d7Lv3U=
=b4YF
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)