tar (1.18-2ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: stack-based buffer overflow with malicious tar files
  - lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as
    hash_string_insert_prefix and adjust safer_name_suffix to use
    hash_string_insert_prefix to avoid stack allocation
  - patch from upstream paxlib commits:
    http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
    http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
  - CVE-2007-4476
  - LP: #180299
-- Jamie Strandboge <email address hidden> Wed, 14 Jan 2009 11:06:24 -0600
-
tar (1.18-2ubuntu1) gutsy; urgency=low
* Build with -fgnu89-inline, fixes build failure with gcc-4.3. LP: 138674.
* Set Ubuntu maintainer address.
-- Matthias Klose <email address hidden> Wed, 12 Sep 2007 19:58:51 +0000
-
tar (1.18-2build1) gutsy; urgency=low
* Fake-sync because of a different orig.tar.gz.
tar (1.18-2) unstable; urgency=high
* patch from Neil Moore improving the man page, closes: #439916
* patch from Justin Pryzby improving the man page, closes: #433553
* patch from upstream to fix directory traversal concern on extraction
  documented in (CVE-2007-4131), closes: #439335
* urgency to high since preceding bug has security implications
-- Michael Bienia <email address hidden> Thu, 06 Sep 2007 00:57:45 +0200
-
tar (1.18-1build1) gutsy; urgency=low
* Pseudo sync, not matching .orig.tar.gz.
-- Matthias Klose <email address hidden> Mon, 13 Aug 2007 13:15:44 +0200
-
tar (1.18-0ubuntu1) gutsy; urgency=low
* New upstream version.
- Fixes build failure with glibc-2.6. Closes: #434015.
-- Matthias Klose <email address hidden> Wed, 01 Aug 2007 15:30:14 +0200
-
tar (1.16.1-1ubuntu1) gutsy; urgency=low
* Globally rename futimens to tar_futimens, so it doesn't clash with
  the new glibc-2.6 symbol of the same name, causing build failures.
-- Adam Conrad <email address hidden> Mon, 30 Jul 2007 18:12:57 +1000
-
tar (1.16.1-1) unstable; urgency=low
* new upstream version, closes: #402179
* updated Russian translation from Yuriy Talakan, closes: #411613
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 27 Apr 2007 13:18:48 +0100
-
tar (1.16-2) unstable; urgency=high
* patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES
  by default and add a new command-line switch --allow-name-mangling to
  re-enable it, as a fix for directory traversal bug (CVE-2006-6097),
  closes: #399845
-- Kees Cook <email address hidden> Mon, 18 Dec 2006 12:17:30 +0000