| 9,8 → 9,13 |
|---|
| * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the |
| safer_name_suffix() function should certainly be applied to the |
| combination of it and the name field, not just on the name field. |
| * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the |
| result from oct_to_int() to unsigned int. This is the right fix for |
| bug #725938 on 64-bit systems, where a specially crafted tar file |
| would not cause an integer overflow, but a memory allocation of almost |
| 16 exbibytes, which would certainly fail outright without harm. |
| |
| -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:21:56 +0100 |
| -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:51:51 +0100 |
| |
| libtar (1.2.20-2) unstable; urgency=low |
| |