On Tue, Jan 13, 2015 at 4:58 AM, Daniel Cegiełka
<daniel.cegie...@gmail.com> wrote:
> http://www.openwall.com/lists/oss-security/2015/01/07/5
>
> Can someone confirm this vulnerability? It's probably the problem
> of "OpenBSD-derived (?) pax".

Thanks for bringing this to our attention!

After much thrashing around, I believe I've got the tar issues
addressed in -current.  We probably won't add an option for cpio to
match tar's -P option (we aren't big fans of --long-options and what
masochist uses cpio for anything but a historical application?), but
adding a -o suboption to pax to match tar's -P is probably in order.

Let me know if you find I've missed anything.


Errata for 5.5/5.6 will occur when travel interruptions permit.


Philip Guenther
