[Git][security-tracker-team/security-tracker][master] Reserve DLA-4214-1 for node-tar-fs
Adrian Bunk (@bunk)
bunk at debian.org
Wed Jun 11 21:51:51 BST 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a436cc6 by Adrian Bunk at 2025-06-11T23:51:37+03:00
Reserve DLA-4214-1 for node-tar-fs
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -25312,7 +25312,6 @@ CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the compone
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link Following") and ...)
- node-tar-fs 3.0.8+~cs2.0.4-1 (bug #1101501)
[bookworm] - node-tar-fs <no-dsa> (Minor issue)
- [bullseye] - node-tar-fs <postponed> (Minor issue)
NOTE: https://github.com/advisories/GHSA-pq67-2wwv-3xjx
NOTE: https://github.com/mafintosh/tar-fs/commit/fd1634e869e7c5f85948e95eabdaa8451a085de5 (v2.1.2)
NOTE: https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed (v3.0.7)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Jun 2025] DLA-4214-1 node-tar-fs - security update
+ {CVE-2024-12905 CVE-2025-48387}
+ [bullseye] - node-tar-fs 2.1.3-0+deb11u1
[11 Jun 2025] DLA-4213-1 curl - regression update
[bullseye] - curl 7.74.0-1.3+deb11u15
[09 Jun 2025] DLA-4212-1 modsecurity-apache - security update
=====================================
data/dla-needed.txt
=====================================
@@ -263,9 +263,6 @@ node-formidable
node-prismjs
NOTE: 20250303: Added by Front-Desk (rouca)
--
-node-tar-fs (Adrian Bunk)
- NOTE: 20250609: Added by Front-Desk (rouca)
---
nsis
NOTE: 20250422: Added by Front-Desk (rouca)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a436cc6d001cf3c171d2938db746557a27d12b2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a436cc6d001cf3c171d2938db746557a27d12b2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250611/40955fe2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list