Publishing details

Published on 2014-02-20
Copied from debian sid in Primary Archive for Debian GNU/Linux by Ubuntu Archive Auto-Sync (sponsored by Ubuntu Archive Robot)

Changelog

libtar (1.2.20-3) unstable; urgency=low


  * no_maxpathlen.patch: Fix two grave bugs in the patch. First,
    th_get_pathname would only allocate as much memory as was needed for
    the first filename encountered, causing heap corruption when/if
    encountering longer filenames later. Second, two variables were mixed
    up in tar_append_tree(). Also, fix a potential memory leak and trim
    the patch a bit.
  * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
    safer_name_suffix() function should certainly be applied to the
    combination of it and the name field, not just on the name field.
  * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
    result from oct_to_int() to unsigned int. This is the right fix for
    bug #725938 on 64-bit systems, where a specially crafted tar file
    would not cause an integer overflow, but a memory allocation of almost
    16 exbibytes, which would certainly fail outright without harm.

 -- Magnus Holmgren <email address hidden>  Sat, 15 Feb 2014 23:51:51 +0100

Available diffs

diff from 1.2.20-1 to 1.2.20-3 (6.6 KiB)

Builds

Built packages

libtar-dev C library for manipulating tar archives (development files)

libtar0 C library for manipulating tar archives

Package files

libtar-dev_1.2.20-3_amd64.deb (34.9 KiB)
libtar-dev_1.2.20-3_arm64.deb (32.5 KiB)
libtar-dev_1.2.20-3_armhf.deb (32.0 KiB)
libtar-dev_1.2.20-3_i386.deb (34.4 KiB)
libtar-dev_1.2.20-3_powerpc.deb (33.6 KiB)
libtar-dev_1.2.20-3_ppc64el.deb (36.0 KiB)
libtar0_1.2.20-3_amd64.deb (17.6 KiB)
libtar0_1.2.20-3_arm64.deb (14.6 KiB)
libtar0_1.2.20-3_armhf.deb (14.8 KiB)
libtar0_1.2.20-3_i386.deb (17.9 KiB)
libtar0_1.2.20-3_powerpc.deb (16.4 KiB)
libtar0_1.2.20-3_ppc64el.deb (17.0 KiB)
libtar_1.2.20-3.debian.tar.xz (9.7 KiB)
libtar_1.2.20-3.dsc (1.2 KiB)
libtar_1.2.20.orig.tar.gz (62.1 KiB)