lp:debian/squeeze/libtar

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

8. By Magnus Holmgren on 2014-02-16

* [SECURITY] CVE-2013-4420: Strip out leading slashes and any
  pathname prefix containing ".." components (Closes: #731860). This is
  done in th_get_pathname() (as well as to symlink targets when
  extracting symlinks), not merely when extracting files, which means
  applications calling that function will not see the stored
  filename. There is no way to disable this behaviour, but it can be
  expected that one will be provided when the issue is solved upstream.
* Make the th_get_size() macro cast the result from oct_to_int() to
  unsigned int. This is the right fix for bug #725938 on 64-bit systems,
  where a specially crafted tar file would not cause an integer
  overflow, but a memory allocation of almost 16 exbibytes, which would
  certainly fail outright without harm.

7. By Magnus Holmgren on 2013-10-10

[SECURITY] Fix CVE-2013-4397: Integer overflow (Closes: #725938).
Patch from
http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04

6. By Julien Danjou on 2009-05-02

Fix autotools usage (Closes: #511741)

5. By Julien Danjou on 2008-04-02

* New maintainer (Closes: #465889)
* Add missing binary-indep target in debian/rules (Closes: #395714)
* Use ${binary:Version} instead of Source-Version
* Bump standard version
* Switch to debhelper 5

4. By James A. Morrison on 2005-08-28

Always include the newest libtool.m4. (Closes: #313612)

3. By James A. Morrison on 2004-07-25

* Move libtar-dev to libdevel. (Closes: #188207)
* Fix potential memory leak.

2. By Glenn McGrath <email address hidden> on 2002-02-24

Fix build problem (Closes #135360)

1. By Glenn McGrath <email address hidden> on 2002-02-24

Import upstream version 1.2.5