Launchpad has imported 12 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=280961.

If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2007-09-06T17:01:45+00:00 Tomas wrote:

Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4476 to the following vulnerability:

Bug in the safer_name_suffix function in GNU tar may lead to a "crashing stack". It can be used to crash tar while extracting archive containing file with long name containing unsafe prefix.

Affected function is also part of cpio source code.

References:

http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/0

------------------------------------------------------------------------
On 2007-09-06T17:05:50+00:00 Tomas wrote:

Upstream patch for paxutils / paxlib (used by recent versions of tar and cpio):

http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/1

------------------------------------------------------------------------
On 2007-10-24T15:35:04+00:00 Radek wrote:

Created attachment 236281
patch for cpio-2.6

this patch should work for all affected software as the rest of patch from comment #1 are just optimizations for memory usage (one malloc less)

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/2

------------------------------------------------------------------------
On 2007-10-24T15:40:00+00:00 Radek wrote:

Fedora builds of fixed tar are now complete (with the patch from upstream):

tar-1.15.1-27.fc6
tar-1.15.1-28.fc7
tar-1.17-4.fc8
tar-1.17-4.fc9

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/3

------------------------------------------------------------------------
On 2007-10-29T19:02:36+00:00 Fedora wrote:

tar-1.15.1-28.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/4

------------------------------------------------------------------------
On 2007-11-01T18:43:20+00:00 Radek wrote:

Created attachment 245931
new patch for cpio-2.6 (this one frees malloc'd memory)

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/5

------------------------------------------------------------------------
On 2007-11-02T13:44:11+00:00 Radek wrote:

fixed Fedora builds of cpio:

cpio-2.6-22.fc6
cpio-2.6-28.fc7
cpio-2.9-5.fc8
cpio-2.9-5.fc9

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/6

------------------------------------------------------------------------
On 2007-11-05T15:06:18+00:00 Fedora wrote:

cpio-2.6-28.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/7

------------------------------------------------------------------------
On 2007-11-06T16:05:52+00:00 Fedora wrote:

tar-1.17-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/8

------------------------------------------------------------------------
On 2007-11-06T16:08:27+00:00 Fedora wrote:

cpio-2.9-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/9

------------------------------------------------------------------------
On 2010-03-15T23:55:40+00:00 errata-xmlrpc wrote:

This issue has been addressed in following products:

Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5

Via RHSA-2010:0141 https://rhn.redhat.com/errata/RHSA-2010-0141.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/18

------------------------------------------------------------------------
On 2010-03-16T01:15:30+00:00 errata-xmlrpc wrote:

This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2010:0144 https://rhn.redhat.com/errata/RHSA-2010-0144.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/19

** Changed in: fedora
Status: Confirmed => Fix Released

** Changed in: fedora
Importance: Unknown => Low

https://bugs.launchpad.net/bugs/180299

Title: [tar] [CVE-2007-4476] Buffer overflow