Debian Package Tracker
Register | Log in
Subscribe

node-tar-fs

Node.js module that provides filesystem-like access to tar files

Choose email to subscribe with

general
  • source: node-tar-fs (main)
  • version: 3.0.8+~cs2.0.4-1
  • maintainer: Debian Javascript Maintainers (archive) (DMD)
  • uploaders: Paolo Greppi [DMD] – Andrius Merkys [DMD]
  • arch: all
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 2.1.1-2
  • stable: 2.1.1-6
  • testing: 3.0.8+~cs2.0.4-1
  • unstable: 3.0.8+~cs2.0.4-1
versioned links
  • 2.1.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1.1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.0.8+~cs2.0.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • node-tar-fs
action needed
Fails to build during reproducibility testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2021-02-10 Last update: 2025-05-24 21:32
1 new commit since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit d8d8d47c1eececa086f924dfda40a47ae256d5be
Author: Yadd <yadd@debian.org>
Date:   Mon Mar 31 07:42:35 2025 +0200

    Keep previous test from 2.1.1 with tape
Created: 2025-03-31 Last update: 2025-05-20 05:02
1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2024-12905: (needs triaging) An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-03-28 Last update: 2025-04-10 11:00
news
[rss feed]
  • [2025-04-03] node-tar-fs 3.0.8+~cs2.0.4-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-30] Accepted node-tar-fs 3.0.8+~cs2.0.4-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2021-11-05] node-tar-fs 2.1.1-6 MIGRATED to testing (Debian testing watch)
  • [2021-11-02] Accepted node-tar-fs 2.1.1-6 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2021-09-24] Accepted node-tar-fs 2.1.1-4 (source all) into unstable (Debian Janitor) (signed by: Jelmer Vernooij)
  • [2021-09-21] node-tar-fs 2.1.1-3 MIGRATED to testing (Debian testing watch)
  • [2021-09-15] Accepted node-tar-fs 2.1.1-3 (source) into unstable (Debian Janitor) (signed by: Jelmer Vernooij)
  • [2021-02-10] node-tar-fs 2.1.1-2 MIGRATED to testing (Debian testing watch)
  • [2021-02-05] Accepted node-tar-fs 2.1.1-2 (source) into unstable (Andrius Merkys)
  • [2021-02-04] Accepted node-tar-fs 2.1.1-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Andrius Merkys)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.0.8+~cs2.0.4-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing