Format: 1.8
Date: Thu, 11 Nov 2021 09:00:28 +0100
Source: node-tar
Architecture: source
Version: 6.0.5+ds1+~cs11.3.9-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Yadd <yadd@debian.org>
Changes:
 node-tar (6.0.5+ds1+~cs11.3.9-1+deb11u2) bullseye-security; urgency=medium
 .
   * Team upload
   * Fix insufficient symlink protection (Closes: CVE-2021-37701)
   * Fix arbitrary file creation/overwrite and arbitrary code execution vulnerability (Closes: CVE-2021-37712)
   * Don't apply umask when uncompressing to avoid creating world writable directories