Package: tar
Version: 1.15.1-2
Severity: critical
Tags: security patch

Hi!

A while ago an exploitable buffer overflow was published in tar [1]. Unfortunately this got commonly known only recently. You can get the patch (which was extracted from upstream CVS) from [2].

Woody's version is not affected, but Sarge's is. The patch applies cleanly to the Sarge version as well.

Please add the CVE number to the changelog when you fix this.

Thanks,

Martin

[1] http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html
[2] http://patches.ubuntu.com/patches/tar.CVE-2006-0300.patch

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?