| Rev 31 | Rev 33 | ||
|---|---|---|---|
| Line 7... | Line 7... | ||
| 7 | up in tar_append_tree(). Also, fix a potential memory leak and trim | 7 | up in tar_append_tree(). Also, fix a potential memory leak and trim | 
| 8 | the patch a bit. | 8 | the patch a bit. | 
| 9 | * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the | 9 | * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the | 
| 10 | safer_name_suffix() function should certainly be applied to the | 10 | safer_name_suffix() function should certainly be applied to the | 
| 11 | combination of it and the name field, not just on the name field. | 11 | combination of it and the name field, not just on the name field. | 
| - | 12 | * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the | |
| - | 13 | result from oct_to_int() to unsigned int. This is the right fix for | |
| - | 14 | bug #725938 on 64-bit systems, where a specially crafted tar file | |
| - | 15 | would not cause an integer overflow, but a memory allocation of almost | |
| - | 16 | 16 exbibytes, which would certainly fail outright without harm. | |
| 12 | 17 | ||
| 13 | -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:21:56 +0100 | 18 | -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:51:51 +0100 | 
| 14 | 19 | ||
| 15 | libtar (1.2.20-2) unstable; urgency=low | 20 | libtar (1.2.20-2) unstable; urgency=low | 
| 16 | 21 | ||
| 17 | * no_static_buffers.patch: avoid using a static buffer in | 22 | * no_static_buffers.patch: avoid using a static buffer in | 
| 18 | th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. | 23 | th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. |
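
Review bot: the new th_get_size-unsigned-int.patch entry (right-hand lines 12-16) never states what the cast to unsigned int changes; its only description ("would not cause an integer overflow, but a memory allocation of almost 16 exbibytes") reads as the behaviour on 64-bit systems before the patch. Add a clause saying what th_get_size() yields for a crafted size field once the cast is in place. The entry concerns a specially crafted tar file but lacks the [SECURITY] prefix used by the CVE-2013-4420.patch entry directly above it, so consider tagging it the same way. Bug #725938 is mentioned only in prose; if this upload is meant to close it, the entry needs the "Closes: #725938" form.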