Format: 1.7
Date: Wed, 14 Jan 2009 09:10:49 -0600
Source: tar
Binary: tar
Architecture: hppa_translations hppa
Version: 1.15.1-2ubuntu2.3
Distribution: dapper
Urgency: low
Maintainer: Ubuntu/hppa Build Daemon <buildd@primero.buildd>
Changed-By: Jamie Strandboge <jamie@ubuntu.com>
Description: 
 tar        - GNU tar
Changes: 
 tar (1.15.1-2ubuntu2.3) dapper-security; urgency=low
 .
   * SECURITY UPDATE: stack-based buffer overflow with malicious tar files
     - src/names.c: updated src/names.c to rewrite hash_string_prefix as
       hash_string_insert_prefix and adjust safer_name_suffix to use
       hash_string_insert_prefix to avoid stack allocation
     - patch from upstream paxlib commits:
       http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
       http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
     - CVE-2007-4476
     - LP: #180299
   * adjust tests/pipe.at pipe the output from `tar xfv' through sort and
     regenerate tests/testsuite with autom4ke to get tests working again (how
     did it ever successfully build before?)
Files: 
 0ba3226c453b25b21d04a807fb9ee29c 546690 base required tar_1.15.1-2ubuntu2.3_hppa.deb
 b2bab855f70847b1d1af0282c1a99af4 745603 raw-translations - tar_1.15.1-2ubuntu2.3_hppa_translations.tar.gz