[ubuntu/trusty-proposed] libtar 1.2.20-3 (Accepted)
Colin Watson
cjwatson at canonical.com
Wed Feb 19 11:58:37 UTC 2014
libtar (1.2.20-3) unstable; urgency=low
* no_maxpathlen.patch: Fix two grave bugs in the patch. First,
th_get_pathname would only allocate as much memory as was needed for
the first filename encountered, causing heap corruption when/if
encountering longer filenames later. Second, two variables were mixed
up in tar_append_tree(). Also, fix a potential memory leak and trim
the patch a bit.
* [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
safer_name_suffix() function should certainly be applied to the
combination of it and the name field, not just on the name field.
* th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
result from oct_to_int() to unsigned int. This is the right fix for
bug #725938 on 64-bit systems, where a specially crafted tar file
would not cause an integer overflow, but a memory allocation of almost
16 exbibytes, which would certainly fail outright without harm.
Date: 2014-02-16 04:21:23.920391+00:00
Changed-By: Magnus Holmgren <holmgren at debian.org>
Signed-By: Colin Watson <cjwatson at canonical.com>
https://launchpad.net/ubuntu/trusty/+source/libtar/1.2.20-3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list