Rev 30 | Rev 36 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 30 | Rev 31 | ||
---|---|---|---|
Line 4... | Line 4... | ||
4 | th_get_pathname would only allocate as much memory as was needed for |
4 | th_get_pathname would only allocate as much memory as was needed for |
5 | the first filename encountered, causing heap corruption when/if |
5 | the first filename encountered, causing heap corruption when/if |
6 | encountering longer filenames later. Second, two variables were mixed |
6 | encountering longer filenames later. Second, two variables were mixed |
7 | up in tar_append_tree(). Also, fix a potential memory leak and trim |
7 | up in tar_append_tree(). Also, fix a potential memory leak and trim |
8 | the patch a bit. |
8 | the patch a bit. |
- | 9 | * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the |
|
- | 10 | safer_name_suffix() function should certainly be applied to the |
|
- | 11 | combination of it and the name field, not just on the name field. |
|
9 | 12 | ||
10 | -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:54:56 +0100 |
13 | -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:21:56 +0100 |
11 | 14 | ||
12 | libtar (1.2.20-2) unstable; urgency=low |
15 | libtar (1.2.20-2) unstable; urgency=low |
13 | 16 | ||
14 | * no_static_buffers.patch: avoid using a static buffer in |
17 | * no_static_buffers.patch: avoid using a static buffer in |
15 | th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. |
18 | th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. |