[ubuntu/noble-proposed] tar 1.34+dfsg-1.2ubuntu2 (Accepted)

Alex Murray alex.murray at canonical.com
Wed Dec 6 12:32:15 UTC 2023


tar (1.34+dfsg-1.2ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
    - debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
      on the heap rather than the stack in src/xheader.c
    - CVE-2023-39804

Date: Tue, 05 Dec 2023 15:39:15 +1030
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/tar/1.34+dfsg-1.2ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 05 Dec 2023 15:39:15 +1030
Source: tar
Built-For-Profiles: noudeb
Architecture: source
Version: 1.34+dfsg-1.2ubuntu2
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Alex Murray <alex.murray at canonical.com>
Launchpad-Bugs-Fixed: 2029464
Changes:
 tar (1.34+dfsg-1.2ubuntu2) noble; urgency=medium
 .
   * SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
     - debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
       on the heap rather than the stack in src/xheader.c
     - CVE-2023-39804
Checksums-Sha1:
 93149e382a4364c60e174ba5b57f54f9440ee14d 1797 tar_1.34+dfsg-1.2ubuntu2.dsc
 fdb3c31c341d9c7b8d598b4f211bf005a35e8dcf 21580 tar_1.34+dfsg-1.2ubuntu2.debian.tar.xz
 1675d567a2ba018f37a2e33a0e7ba80a0aa1a10e 6139 tar_1.34+dfsg-1.2ubuntu2_source.buildinfo
Checksums-Sha256:
 b516c1674668c27e5649f6140dac9d62125d20b68117b33c17cb8f8e4b9a3383 1797 tar_1.34+dfsg-1.2ubuntu2.dsc
 13e3e304465ea8b24361044b07f44b90a918f7ccf47ce93ceaa852cf2eb40882 21580 tar_1.34+dfsg-1.2ubuntu2.debian.tar.xz
 9b8f091572c11465b513e0afabc64882786aba93bd79e5d37156db9f30044743 6139 tar_1.34+dfsg-1.2ubuntu2_source.buildinfo
Files:
 8fb3d0fa6e625629e3ff8922cb82ee95 1797 utils required tar_1.34+dfsg-1.2ubuntu2.dsc
 808914937304b2b2b375eae8234df15b 21580 utils required tar_1.34+dfsg-1.2ubuntu2.debian.tar.xz
 369e2ec5f410729a2110eb79f1fa4e18 6139 utils required tar_1.34+dfsg-1.2ubuntu2_source.buildinfo
Original-Maintainer: Janos Lenart <ocsi at debian.org>


More information about the noble-changes mailing list