WebSVN - Log - Rev 37 - /tags/1.2.20-4/debian/patches/CVE-2013-4420.patch

Rev	Age	Author	Path	Log message	Changes
37	3683d 23h	magnus	/tags/1.2.20-4/	[svn-buildpackage] Tagging libtar 1.2.20-4	/tags/1.2.20-4
32	3760d 20h	magnus	/trunk/debian/patches/	Add stdlib.h for malloc() in lib/decode.c	/trunk/debian/patches/CVE-2013-4420.patch<br/>/trunk/debian/patches/no_maxpathlen.patch<br/>/trunk/debian/patches/no_static_buffers.patch
31	3760d 20h	magnus	/trunk/debian/	[SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the safer_name_suffix() function should certainly be applied to the combination of it and the name field, not just on the name field.	/trunk/debian/changelog<br/>/trunk/debian/patches/CVE-2013-4420.patch
24	3760d 21h	magnus	/trunk/debian/	[SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any pathname prefix containing ".." components (Closes: #731860). This is done in th_get_pathname() (as well as to symlink targets when extracting symlinks), not merely when extracting files, which means applications calling that function will not see the stored filename. There is no way to disable this behaviour, but it can be expected that one will be provided when the issue is solved upstream.	/trunk/debian/patches/CVE-2013-4420.patch /trunk/debian/changelog<br/>/trunk/debian/patches/series

Subversion Repositories