[Bug 75540] Please sync tar (main) from unstable (main)
Kees Cook
kees at ubuntu.com
Tue Dec 12 23:44:43 GMT 2006
Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects distros/ubuntu/tar
status confirmed
subscribe ubuntu-archive
Please sync tar (main) from Debian unstable (main).
Changelog since current feisty version 1.16-1ubuntu1:
tar (1.16-2) unstable; urgency=high
* patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES
by default and add a new command-line switch --allow-name-mangling to
re-enable it, as a fix for directory traversal bug (CVE-2006-6097),
closes: #399845
-- Bdale Garbee <bdale at gag.com> Fri, 1 Dec 2006 09:19:02 -0700
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFfz7lH/9LqRcGPm0RAsnlAJwKAFUYPMwX10Tvg1m7Vi48JAcH5QCcDYjM
9q/urCt5rK0nVKLUEBqVeGE=
=DPk4
-----END PGP SIGNATURE-----
** Affects: tar (Ubuntu)
Importance: Undecided
Status: Confirmed
--
Please sync tar (main) from unstable (main)
https://launchpad.net/bugs/75540
More information about the ubuntu-archive
mailing list