1 issue left for the package maintainer to handle:
CVE-2021-38511:
(needs triaging)
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
Among the 2 debian patches
available in version 0.4.38-1 of the package,
we noticed the following issues:
2 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.