Accepted tar 1.15.1-2ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Thu Feb 23 10:20:10 GMT 2006
Accepted:
OK: tar_1.15.1-2ubuntu1.dsc
-> Component: main Section: base
OK: tar_1.15.1-2ubuntu1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 23 Feb 2006 11:07:05 +0100
Source: tar
Binary: tar
Architecture: source
Version: 1.15.1-2ubuntu1
Distribution: dapper
Urgency: low
Maintainer: Bdale Garbee <bdale at gag.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
tar - GNU tar
Changes:
tar (1.15.1-2ubuntu1) dapper; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution with crafted tar files.
* src/xheader.c:
- Add a new function decode_num() which wraps xstrtoumax() and adds
boundary and sanity checking.
- Use decode_num() instead of xstrtoumax() in the code to avoid buffer
overflows on excessively large field values like GNU.sparse.numblocks.
- Patch taken from upstream CVS.
* CVE-2006-0300
Files:
136b7ce3f450d89b62f28c46a558c040 572 base required tar_1.15.1-2ubuntu1.dsc
aca2c5984967bc43f14eb8ff0afb3077 28922 base required tar_1.15.1-2ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)
iD8DBQFD/YpvDecnbV4Fd/IRAhisAKCFXiNgM8NQS1DKoAlpK7cxcQ0ScgCeMGZ6
H5LvLd/+hbJn7NZjT2Dsv5s=
=waqO
-----END PGP SIGNATURE-----
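The bounded-parsing pattern the changelog describes, as an added illustration in standard C; this is not the upstream patch or tar's own code. `decode_num_checked`, `alloc_sparse_map` and `struct sp_entry` are hypothetical names, `strtoumax()` stands in for gnulib's `xstrtoumax()`, and sizing an allocation from the parsed count is an assumed use of the value.

```c
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical element type standing in for one sparse-map entry. */
struct sp_entry { uint64_t offset; uint64_t numbytes; };

/* Parse a decimal header value. Accept it only if it is all digits,
   did not overflow uintmax_t, and is no larger than maxval. */
static bool decode_num_checked(uintmax_t *num, const char *arg, uintmax_t maxval)
{
    char *end;
    uintmax_t u;

    if (!isdigit((unsigned char)*arg))   /* rejects "", "-1", " 5", "+5" */
        return false;
    errno = 0;
    u = strtoumax(arg, &end, 10);
    if (*end != '\0')                    /* trailing non-digit characters */
        return false;
    if (errno == ERANGE || u > maxval)   /* overflowed or out of bounds */
        return false;
    *num = u;
    return true;
}

/* Allocate a map for a header-supplied entry count (assumed use).
   The bound is SIZE_MAX / sizeof(entry), so the byte size cannot wrap. */
static struct sp_entry *alloc_sparse_map(const char *numblocks, size_t *count)
{
    uintmax_t n;

    if (!decode_num_checked(&n, numblocks, SIZE_MAX / sizeof(struct sp_entry)))
        return NULL;                     /* reject before any allocation */
    *count = (size_t)n;
    return calloc(n ? (size_t)n : 1, sizeof(struct sp_entry));
}
```

The caller passes the largest value the field can legitimately take, so each header keyword gets its own limit instead of sharing one global cap.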