libtar 1.2.20-3 source package in Ubuntu
Changelog
libtar (1.2.20-3) unstable; urgency=low
* no_maxpathlen.patch: Fix two grave bugs in the patch. First,
th_get_pathname would only allocate as much memory as was needed for
the first filename encountered, causing heap corruption when/if
encountering longer filenames later. Second, two variables were mixed
up in tar_append_tree(). Also, fix a potential memory leak and trim
the patch a bit.
* [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
safer_name_suffix() function should certainly be applied to the
combination of it and the name field, not just on the name field.
* th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
result from oct_to_int() to unsigned int. This is the right fix for
bug #725938 on 64-bit systems, where a specially crafted tar file
would not cause an integer overflow, but a memory allocation of almost
16 exbibytes, which would certainly fail outright without harm.
-- Magnus Holmgren <email address hidden> Sat, 15 Feb 2014 23:51:51 +0100
Upload details
- Uploaded by:
- Magnus Holmgren
- Uploaded to:
- Sid
- Original maintainer:
- Magnus Holmgren
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | release | universe | libs |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libtar_1.2.20-3.dsc | 1.2 KiB | 06ec14140b5bfcef521fd7934be4d2ca8de7687dd4a30639bc6ac90a30db628f |
| libtar_1.2.20.orig.tar.gz | 62.1 KiB | 50f24c857a7ef1cb092e6508758b86d06f1188508f897f3e6b40c573e8879109 |
| libtar_1.2.20-3.debian.tar.xz | 9.7 KiB | f955c95c77b88a8efb5e87d4c6dce14d187f83abf3da4206ef8ff024687db83d |
Available diffs
- diff from 1.2.20-1 to 1.2.20-3 (6.6 KiB)
No changes file available.
Binary packages built by this source
- libtar-dev: C library for manipulating tar archives (development files)
Contains static library, headers, example code and development manpages
for libtar
- libtar0: C library for manipulating tar archives
libtar allows programs to create, extract and test tar archives.
It supports both the strict POSIX tar format and many of the commonly-used
GNU extensions.
