Changelog
tar (1.15.1-2ubuntu2.3) dapper-security; urgency=low

  * SECURITY UPDATE: stack-based buffer overflow with malicious tar files
    - src/names.c: updated src/names.c to rewrite hash_string_prefix as
      hash_string_insert_prefix and adjust safer_name_suffix to use
      hash_string_insert_prefix to avoid stack allocation
    - patch from upstream paxlib commits:
      http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
      http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
    - CVE-2007-4476
    - LP: #180299
  * adjust tests/pipe.at to pipe the output from `tar xfv' through sort and
    regenerate tests/testsuite with autom4te to get tests working again (how
    did it ever successfully build before?)

 -- Jamie Strandboge <email address hidden>  Wed, 14 Jan 2009 09:10:49 -0600