[ubuntu/oracular-security] libtar 1.2.20-8.1ubuntu0.24.10.1 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Mon Mar 31 15:18:30 UTC 2025
libtar (1.2.20-8.1ubuntu0.24.10.1) oracular-security; urgency=medium
* SECURITY UPDATE: Out of bounds read when header struct is 0
- debian/patches/CVE-2021-33643_33644.patch: Ensure that sz is
greater than 0.
- CVE-2021-33643
- CVE-2021-33644
* SECURITY UPDATE: Memory leak from failing to free
t->th_buf.gnu_longlink
- debian/patches/CVE-2021-33645_33646.patch: fix memory leak
- CVE-2021-33645
- CVE-2021-33646
Date: 2025-03-28 19:12:32.693562+00:00
Changed-By: John Breton <john.breton at canonical.com>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/libtar/1.2.20-8.1ubuntu0.24.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list