node-tar-fs - Debian Package Tracker

general

source: node-tar-fs (main)
version: 3.0.8+~cs2.0.4-1
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Paolo Greppi [DMD] – Andrius Merkys [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.1.1-2
stable: 2.1.1-6
testing: 3.0.8+~cs2.0.4-1
unstable: 3.0.8+~cs2.0.4-1

versioned links

2.1.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.8+~cs2.0.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

node-tar-fs

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2024-12905: An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.

Created: 2025-03-28 Last update: 2025-04-02 13:00

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2021-02-10 Last update: 2025-04-06 03:34

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit d8d8d47c1eececa086f924dfda40a47ae256d5be
Author: Yadd <yadd@debian.org>
Date:   Mon Mar 31 07:42:35 2025 +0200

    Keep previous test from 2.1.1 with tape

Created: 2025-03-31 Last update: 2025-03-31 06:32

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2024-12905: (needs triaging) An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-03-28 Last update: 2025-04-02 13:00

news

[rss feed]

[2025-04-03] node-tar-fs 3.0.8+~cs2.0.4-1 MIGRATED to testing (Debian testing watch)
[2025-03-30] Accepted node-tar-fs 3.0.8+~cs2.0.4-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-11-05] node-tar-fs 2.1.1-6 MIGRATED to testing (Debian testing watch)
[2021-11-02] Accepted node-tar-fs 2.1.1-6 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-09-24] Accepted node-tar-fs 2.1.1-4 (source all) into unstable (Debian Janitor) (signed by: Jelmer Vernooij)
[2021-09-21] node-tar-fs 2.1.1-3 MIGRATED to testing (Debian testing watch)
[2021-09-15] Accepted node-tar-fs 2.1.1-3 (source) into unstable (Debian Janitor) (signed by: Jelmer Vernooij)
[2021-02-10] node-tar-fs 2.1.1-2 MIGRATED to testing (Debian testing watch)
[2021-02-05] Accepted node-tar-fs 2.1.1-2 (source) into unstable (Andrius Merkys)
[2021-02-04] Accepted node-tar-fs 2.1.1-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Andrius Merkys)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.1-6