Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Rev 27 | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 27 Rev 35
Line -... Line 1...
-
 
1
libtar (1.2.16-1+deb7u2) wheezy-security; urgency=low
-
 
2
-
 
3
  * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
-
 
4
    pathname prefix containing ".." components (Closes: #731860). This is
-
 
5
    done in th_get_pathname() (as well as to symlink targets when
-
 
6
    extracting symlinks), not merely when extracting files, which means
-
 
7
    applications calling that function will not see the stored
-
 
8
    filename. There is no way to disable this behaviour, but it can be
-
 
9
    expected that one will be provided when the issue is solved upstream.
-
 
10
-
 
11
 -- Magnus Holmgren <holmgren@debian.org>  Sun, 16 Feb 2014 19:12:18 +0100
-
 
12
1
libtar (1.2.16-1+deb7u1) wheezy-security; urgency=low
13
libtar (1.2.16-1+deb7u1) wheezy-security; urgency=low
2
14
3
  * [SECURITY] size_t-overflow_cve-2013-4397.patch: Fix CVE-2013-4397:
15
  * [SECURITY] size_t-overflow_cve-2013-4397.patch: Fix CVE-2013-4397:
4
    Integer overflow (Closes: #725938).
16
    Integer overflow (Closes: #725938).
5
17