Re: [Savannah-help-public] newer tar: avoid .. exploit

2007-09-09 Thread Sylvain Beucler
On Sun, Sep 09, 2007 at 10:28:49AM +0200, Sylvain Beucler wrote:
> Until there's a proper security update, we can temporarily backport
> Lenny's version.

Done.

--
Sylvain

Re: [Savannah-help-public] newer tar: avoid .. exploit

2007-09-09 Thread Sylvain Beucler
On Sun, Sep 09, 2007 at 09:45:31AM +0200, Jim Meyering wrote:
> [deliberately not sent to the -public list]

Hmm, except that savannah-hackers is the historical alias to savannah-help-public, but who cares? ;)

http://savannah.gnu.org/maintenance/SavannahHackersCommunication

> Hi guys,
>
> You've

[Savannah-help-public] newer tar: avoid .. exploit

2007-09-09 Thread Jim Meyering
[deliberately not sent to the -public list]

Hi guys,

You've probably heard about the latest exploitable tar bug: If you unpack a malicious tar archive, it can overwrite (through e.g., ../..) any number of your key files with tarball-supplied contents. Fixed only recently in GNU tar for the upcomi