Bug 29656 - nodejs-tar new security issues CVE-2021-37701 and CVE-2021-37712
Summary: nodejs-tar new security issues CVE-2021-37701 and CVE-2021-37712
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-12 21:39 CET by David Walser
Modified: 2021-11-25 00:47 CET

See Also:
Source RPM: nodejs-tar-6.0.5-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2021-11-12 21:39:44 CET
Debian has issued an advisory on November 11:
https://www.debian.org/security/2021/dsa-5008

The issues are fixed upstream in 6.1.9.

Mageia 8 is also affected.
David Walser 2021-11-12 21:39:58 CET

Status comment: (none) => Fixed upstream in 6.1.9
Whiteboard: (none) => MGA8TOO

Comment 1 Nicolas Lécureuil 2021-11-24 18:25:48 CET
Fixed in Cauldron + mga8. In addition I fixed 2 other CVEs

CVE-2021-32803, CVE-2021-32804, CVE-2021-37701 and CVE-2021-37712


src:
    - nodejs-tar-6.0.5-1.1.mga8

CC: (none) => mageia, smelror
Assignee: smelror => qa-bugs

Nicolas Lécureuil 2021-11-24 18:26:56 CET

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status comment: Fixed upstream in 6.1.9 => (none)

Comment 2 David Walser 2021-11-25 00:47:24 CET
Can you provide some URL references for the other CVEs?
