-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Dec 2022 03:26:51 +0100 Source: node-tar Architecture: source Version: 4.4.6+ds1-3+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 993981 Changes: node-tar (4.4.6+ds1-3+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2021-37701, CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links. (Closes: #993981) Checksums-Sha1: 12edbb9cdb13cbbe3ee09fe2868f58c9d3dc7562 2959 node-tar_4.4.6+ds1-3+deb10u2.dsc 89181bba1593d80beac8e34bd9cb53f83f143835 19923 node-tar_4.4.6+ds1.orig-fs-minipass.tar.gz e606be18cd38e18a3cbd3194f4260c0a5d98bc93 26230 node-tar_4.4.6+ds1.orig-minipass.tar.gz 3726d2be7f2d31060794b4799c4267c22864e921 70906 node-tar_4.4.6+ds1.orig-minizlib.tar.gz 5c6401cae770132db41dae7c7bfbd1ee854ee311 117354 node-tar_4.4.6+ds1.orig.tar.gz 97d0bfaf81350fb34320c99e781d8b48a86f48de 13472 node-tar_4.4.6+ds1-3+deb10u2.debian.tar.xz 111cea07d33a94bb3aec945d02f3bc73167d889a 10334 node-tar_4.4.6+ds1-3+deb10u2_amd64.buildinfo Checksums-Sha256: 562af14b36d02a5818456b40147e638236f1db8578e0898d8f0080a0b9865551 2959 node-tar_4.4.6+ds1-3+deb10u2.dsc 4e269ade84962245bc406307bfca5b17f133aa7b3ffef0ec20e1da0146ea16e5 19923 node-tar_4.4.6+ds1.orig-fs-minipass.tar.gz f0d416e13e154cce83a4b182b72500f842690261fee733881dec674afe4dcf3a 26230 node-tar_4.4.6+ds1.orig-minipass.tar.gz 56cb3562401292012ba7b5dbd09050ae985123b54826695af5a5999a54ee0d02 70906 node-tar_4.4.6+ds1.orig-minizlib.tar.gz 00203ae70ae683af8af8f7d78e5f136c8849cadf1e06c2adcbc3a3543899e9e8 117354 node-tar_4.4.6+ds1.orig.tar.gz c9211f6a76003b89356b3cbba93c8eca94c01bded59c9f5bd667283c703c49b2 13472 node-tar_4.4.6+ds1-3+deb10u2.debian.tar.xz 3ede9fe063d3fc9903c6eb01359f5d9a49e3d04ec95c16c40784591660643570 10334 node-tar_4.4.6+ds1-3+deb10u2_amd64.buildinfo Files: 02b83e7b101ea42988a62a887d372317 2959 javascript optional node-tar_4.4.6+ds1-3+deb10u2.dsc d4c190fefc77b35ca2fb3c4cd4905fa3 19923 javascript optional node-tar_4.4.6+ds1.orig-fs-minipass.tar.gz e1803c19a9cae3399b4f15fdd0a5728a 26230 javascript optional node-tar_4.4.6+ds1.orig-minipass.tar.gz 27291df62baca70aab0597e2eab98c0a 70906 javascript optional node-tar_4.4.6+ds1.orig-minizlib.tar.gz 4185236c078385fac2dbec242a3ad13d 117354 javascript optional node-tar_4.4.6+ds1.orig.tar.gz 45e57754273b3dd5300b559d44963abb 13472 javascript optional node-tar_4.4.6+ds1-3+deb10u2.debian.tar.xz d90cc9e51a2abbb929f76ec1bf259bc8 10334 javascript optional node-tar_4.4.6+ds1-3+deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmOXG+EACgkQ05pJnDwh pVK2zw//U3yFu6pEFCYISCbYzgds9w1K3nLX1Nzy7MyLJWXz+Hvh6UevxjSadcBV sgQCsQ7eCCIf4l65zIwo1WqvHrghWKSkcAQwELaZoOP5YXr+N74rDWIOxpDrK2I5 K5OfjJppl42cZKiOGuET9km37faFCWSeaBGwf01DDAq37iMHb819TrK2FdpyQK00 Eerzwha6MUZD0TV/QX9NBxSEux/REER0Y0bFweCjrzttbo/iLxN5lKefmv8OfRca l46ju6JvaByD3B6rPMDvcQNSa+7sF6pWdwkN3XI5ow1+WLprRc8YxnF8OnowKWR4 KnS44riR4qdXXkqgbFr0rypjtb+EBYrliQ86ZZ+Ne94oYOlv6AoM2g0G/yX8VWC5 m2sJ8IHbjJMQMzZl/+Ggqv4Lhd8nyEnquzvzQiVzwVNR1i+/kDVannMzfnGFIYii Q9fvWX14k0LhOIVCXxOFW7gSzR4m/4DhuH1JxOkJfDOZniRz1u76wG2Cwz4MXv95 Vrs8yV2XAhmlhprSyM11L0/cklRn3Zp57mR7N+qvc2f6n7Q5wQVqnhH/vCkgNT4S HhIJOMdOPdnD9wqyGstXlwbuORwWKOvx39l9onNaVsQtW4cXFHMM8aXnYpz358be 7pob9A24GD+ggApuPtIiDXe83qB6NQdJT+eWm+1LMMCB2wdNz88= =614t -----END PGP SIGNATURE-----