| Rev 27 | Rev 35 | ||
|---|---|---|---|
| Line -... | Line 1... | ||
| - | 1 | libtar (1.2.16-1+deb7u2) wheezy-security; urgency=low |
|
| - | 2 | ||
| - | 3 | * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any |
|
| - | 4 | pathname prefix containing ".." components (Closes: #731860). This is |
|
| - | 5 | done in th_get_pathname() (as well as to symlink targets when |
|
| - | 6 | extracting symlinks), not merely when extracting files, which means |
|
| - | 7 | applications calling that function will not see the stored |
|
| - | 8 | filename. There is no way to disable this behaviour, but it can be |
|
| - | 9 | expected that one will be provided when the issue is solved upstream. |
|
| - | 10 | ||
| - | 11 | -- Magnus Holmgren <holmgren@debian.org> Sun, 16 Feb 2014 19:12:18 +0100 |
|
| - | 12 | ||
| 1 | libtar (1.2.16-1+deb7u1) wheezy-security; urgency=low |
13 | libtar (1.2.16-1+deb7u1) wheezy-security; urgency=low |
| 2 | 14 | ||
| 3 | * [SECURITY] size_t-overflow_cve-2013-4397.patch: Fix CVE-2013-4397: |
15 | * [SECURITY] size_t-overflow_cve-2013-4397.patch: Fix CVE-2013-4397: |
| 4 | Integer overflow (Closes: #725938). |
16 | Integer overflow (Closes: #725938). |
| 5 | 17 | ||
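Review bot: In the new 1.2.16-1+deb7u2 entry, the sentence on th_get_pathname() records a behaviour change for every caller of that function (they "will not see the stored filename") and states that it cannot be disabled, yet it gives no guidance to applications that list or verify archive contents by name. Suggest repeating this in NEWS.Debian or the library documentation, not only in the changelog, so dependent packages notice it. As worded, the same stripping is applied to symlink targets, which means a relative target whose prefix contains ".." would also be rewritten on extraction; the entry should state that consequence explicitly so that altered links are not later mistaken for archive corruption.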