package release.debian.org tags 1131776 = trixie pending thanks Hi,
The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian trixie. Thanks for your contribution! Upload details ============== Package: node-tar Version: 6.2.1+~cs7.0.8-1+deb13u1 Explanation: properly sanitize absolute linkpaths [CVE-2026-23745]; normalize out unicode ligatures [CVE-2026-23950]; properly sanitize hard links containing '..' [CVE-2026-24842]; prevent hardlinking to files outside the extraction root [CVE-2026-26960]; strip leading '/' before sanitizing '..' [CVE-2026-29786]; prevent escaping symlinks with drive-relative paths [CVE-2026-31802]
