lp:debian/squeeze/libtar
- Get this branch:
- bzr branch lp:debian/squeeze/libtar
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 8. By Magnus Holmgren
-
* [SECURITY] CVE-2013-4420: Strip out leading slashes and any
pathname prefix containing ".." components (Closes: #731860). This is
done in th_get_pathname() (as well as to symlink targets when
extracting symlinks), not merely when extracting files, which means
applications calling that function will not see the stored
filename. There is no way to disable this behaviour, but it can be
expected that one will be provided when the issue is solved upstream.
* Make the th_get_size() macro cast the result from oct_to_int() to
unsigned int. This is the right fix for bug #725938 on 64-bit systems,
where a specially crafted tar file would not cause an integer
overflow, but a memory allocation of almost 16 exbibytes, which would
certainly fail outright without harm. - 7. By Magnus Holmgren
-
[SECURITY] Fix CVE-2013-4397: Integer overflow (Closes: #725938).
Patch from
http://repo.or. cz/w/libtar. git/commitdiff/ 45448e8bae671c2 f7e80b860ae0fc0 cedf2bdc04 - 5. By Julien Danjou
-
* New maintainer (Closes: #465889)
* Add missing binary-indep target in debian/rules (Closes: #395714)
* Use ${binary:Version} instead of Source-Version
* Bump standard version
* Switch to debhelper 5 - 3. By James A. Morrison
-
* Move libtar-dev to libdevel. (Closes: #188207)
* Fix potential memory leak.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)