5,8 → 5,15 |
* maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path |
names (Closes: #657116). Thanks to Svante Signell and Petter |
Reinholdtsen. |
* [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any |
pathname prefix containing ".." components (Closes: #731860). This is |
done in th_get_pathname() (as well as to symlink targets when |
extracting symlinks), not merely when extracting files, which means |
applications calling that function will not see the stored |
filename. There is no way to disable this behaviour, but it can be |
expected that one will be provided when the issue is solved upstream. |
|
-- Magnus Holmgren <holmgren@debian.org> Thu, 13 Feb 2014 21:20:23 +0100 |
-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:20:03 +0100 |
|
libtar (1.2.20-1) unstable; urgency=high |
|