On 7/6/25 15:57, Salvatore Bonaccorso wrote:
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: node-tar...@packages.debian.org, Yadd <y...@debian.org>,
t...@security.debian.org, car...@debian.org
Control: affects -1 + src:node-tar-fs
User: release.debian....@packages.debian.org
Usertags: unblock
Hi Yadd, hi release team
node-tar-fs in trixie in vulnerable to CVE-2025-48387. The version
uploaded to unstable, node-tar-fs/3.0.9+~cs2.0.4-1 fixes the issue,
ubt cannot migrate automatically as it is a key package.
Yadd, was is your take on it?
Regards,
Salvatore
Hi,
I sent the whole explanation into #1108872. Thanks to have seen this
missing migration
Best regards,
Xavier
