Ubuntu
tar package

  1. Bug #1912091
  2. Comment #5

Comment 5 for bug 1912091

Revision history for this message
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote (last edit ):

This bug was fixed in the tagged releases
https://ubuntu.com/security/notices/USN-5329-1

General changelog:
  * SECURITY UPDATE: Denial of service (LP: #1912091)
    - debian/patches/CVE-2021-20193.patch: in read_header method in
      src/list.c, change the return value to be the value of status
      and break the execution, jumping to free next_long_name and
      next_long_link before returning.
    - CVE-2021-20193