Format: 1.7
Date: Wed, 14 Jan 2009 09:10:49 -0600
Source: tar
Binary: tar
Architecture: amd64_translations amd64
Version: 1.15.1-2ubuntu2.3
Distribution: dapper
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon <buildd@crested.buildd>
Changed-By: Jamie Strandboge <jamie@ubuntu.com>
Description: 
 tar        - GNU tar
Changes: 
 tar (1.15.1-2ubuntu2.3) dapper-security; urgency=low
 .
   * SECURITY UPDATE: stack-based buffer overflow with malicious tar files
     - src/names.c: updated src/names.c to rewrite hash_string_prefix as
       hash_string_insert_prefix and adjust safer_name_suffix to use
       hash_string_insert_prefix to avoid stack allocation
     - patch from upstream paxlib commits:
       http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
       http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
     - CVE-2007-4476
     - LP: #180299
   * adjust tests/pipe.at pipe the output from `tar xfv' through sort and
     regenerate tests/testsuite with autom4ke to get tests working again (how
     did it ever successfully build before?)
Files: 
 8bf4846b9b2108f42886784c794c01f6 532580 base required tar_1.15.1-2ubuntu2.3_amd64.deb
 7df1d4cc3bb9f483282a840ac91778b6 745600 raw-translations - tar_1.15.1-2ubuntu2.3_amd64_translations.tar.gz