-
tar (1.30+dfsg-7ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
- debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
on the heap rather than the stack in src/xheader.c
- CVE-2023-39804
-- Alex Murray <email address hidden> Tue, 05 Dec 2023 15:46:50 +1030
-
tar (1.30+dfsg-7ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: one-byte out of bounds
- debian/patches/CVE-2022-48303.patch: check limit in
src/list.c.
- CVE-2022-48303
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 09 Feb 2023 14:17:35 -0300
-
tar (1.30+dfsg-7ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service (LP: #1912091)
- debian/patches/CVE-2021-20193.patch: in read_header method in
src/list.c, change the return value to be the value of status
and break the execution, jumping to free next_long_name and
next_long_link before returning.
- CVE-2021-20193
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 15 Mar 2022 09:59:59 -0300
-
tar (1.30+dfsg-7ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2019-9923.patch: Check for NULL return value from
find_next_block in src/sparse.c.
- CVE-2019-9923
-- Avital Ostromich <email address hidden> Tue, 15 Dec 2020 20:38:40 -0500
-
tar (1.30+dfsg-7) unstable; urgency=medium
* remove libattr1-dev build-dep, as we no longer use it, closes: #953902
-- Bdale Garbee <email address hidden> Sat, 14 Mar 2020 14:24:29 -0600
-
tar (1.30+dfsg-6) unstable; urgency=medium
* eliminate ancient prerm cleanup code that breaks with merged /usr,
and is no longer considered useful, closes: #926722
-- Bdale Garbee <email address hidden> Tue, 23 Apr 2019 10:05:54 -0600
