[Bug 75540] Please sync tar (main) from unstable (main)

Kees Cook kees at ubuntu.com
Tue Dec 12 23:44:43 GMT 2006


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects distros/ubuntu/tar
 status confirmed
 subscribe ubuntu-archive

Please sync tar (main) from Debian unstable (main).

Changelog since current feisty version 1.16-1ubuntu1:

tar (1.16-2) unstable; urgency=high

  * patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES 
    by default and add a new command-line switch --allow-name-mangling to 
    re-enable it, as a fix for directory traversal bug (CVE-2006-6097), 
    closes: #399845

 -- Bdale Garbee <bdale at gag.com>  Fri,  1 Dec 2006 09:19:02 -0700


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFfz7lH/9LqRcGPm0RAsnlAJwKAFUYPMwX10Tvg1m7Vi48JAcH5QCcDYjM
9q/urCt5rK0nVKLUEBqVeGE=
=DPk4
-----END PGP SIGNATURE-----

** Affects: tar (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
Please sync tar (main) from unstable (main)
https://launchpad.net/bugs/75540



More information about the ubuntu-archive mailing list