tar (1.16-2ubuntu0.1) feisty-security; urgency=low
  * SECURITY UPDATE: directory traversal with malicious tar files.
  * src/names.c: adjust dot dot checking, patched inline.
  * References
    CVE-2007-4131
 -- Kees Cook <email address hidden>  Tue, 28 Aug 2007 09:45:12 -0700
-
tar (1.16-2) unstable; urgency=high
  * patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES
    by default and add a new command-line switch --allow-name-mangling to
    re-enable it, as a fix for directory traversal bug (CVE-2006-6097),
    closes: #399845
 -- Kees Cook <email address hidden>  Mon, 18 Dec 2006 12:17:30 +0000
-
tar (1.16-1ubuntu1) feisty; urgency=low
  * SECURITY UPDATE: files can be overwritten/renamed in any writable location
    in the filesystem via GNUTYPE_NAMES type.
  * src/extract.c: disable GNUTYPE_NAMES type processing by default since it
    allows for immediate symlink creation and renames.
  * src/common.h, src/tar.c: add --allow-name-mangling option to restore
    default behavior.
  * References
    http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html
 -- Kees Cook <email address hidden>  Wed, 22 Nov 2006 19:46:54 -0800
-
tar (1.16-1) unstable; urgency=medium
  * new upstream version, closes: #376816, #363943, #377124, #377330
  * fix for buffer overflow in test suite, closes: #377557
  * force a clean in the tests directory before running the test suite, seems
    to work around test suite repeatability problems, closes: #377330, #379393
  * accept patch from Raphael Bossek to zero nanoseconds, closes: #329843
  * update man page to reflect change in -l definition and other misc changes
    to options since man page was last updated,
    closes: #384508, #391718, 361932, #315506
  * stop delivering upstream README, closes: #323232
 -- Ubuntu Archive Auto-Sync <email address hidden>  Wed, 08 Nov 2006 19:47:13 +0000
-
tar (1.15.91-2) unstable; urgency=low
  * add a NEWS.Debian file that communicates the change in wildcard processing
  * re-institute the patch for filenames that are exactly 100 characters in
    length originally reported in #230910, closes: #376909
 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 10 Jul 2006 12:36:49 +0100