Accepted libtar 1.2.20-3 (source amd64)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 Feb 2014 23:51:51 +0100
Source: libtar
Binary: libtar-dev libtar0
Architecture: source amd64
Version: 1.2.20-3
Distribution: unstable
Urgency: low
Maintainer: Magnus Holmgren <holmgren@debian.org>
Changed-By: Magnus Holmgren <holmgren@debian.org>
Description: 
 libtar-dev - C library for manipulating tar archives (development files)
 libtar0    - C library for manipulating tar archives
Changes: 
 libtar (1.2.20-3) unstable; urgency=low
 .
   * no_maxpathlen.patch: Fix two grave bugs in the patch. First,
     th_get_pathname would only allocate as much memory as was needed for
     the first filename encountered, causing heap corruption when/if
     encountering longer filenames later. Second, two variables were mixed
     up in tar_append_tree(). Also, fix a potential memory leak and trim
     the patch a bit.
   * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
     safer_name_suffix() function should certainly be applied to the
     combination of it and the name field, not just on the name field.
   * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
     result from oct_to_int() to unsigned int. This is the right fix for
     bug #725938 on 64-bit systems, where a specially crafted tar file
     would not cause an integer overflow, but a memory allocation of almost
     16 exbibytes, which would certainly fail outright without harm.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEAREIAAYFAlL/8B0ACgkQk7mRNn1h4+ZrMACeOPTPi58/XU4XJexBU7DyyI3P
tZgAnR7sXUzQZ32MIDahQRfpywuCED5Z
=oXa4
-----END PGP SIGNATURE-----
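
The ordering issue behind the CVE-2013-4420 changelog entry above, as an added C example (not libtar's code and not part of the upload message). `safe_suffix()` is a hypothetical, simplified stand-in for a `safer_name_suffix()`-style filter, `member_path()` and `escapes()` are illustrative helpers, and the header contents are constructed.

```c
#include <stdio.h>
#include <string.h>
/* The two ustar header fields that form a member's path (POSIX sizes). */
struct ustar_names { char name[100]; char prefix[155]; };

/* Hypothetical, simplified stand-in for a safer_name_suffix()-style filter:
 * returns the part of path after the last ".." component and any leading '/'. */
static const char *safe_suffix(const char *path)
{
    const char *safe = path, *p = path;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            safe = p + len;              /* discard everything up to ".." */
        p = end ? end + 1 : p + len;
    }
    while (*safe == '/') safe++;
    return safe;
}

/* fixed=0: pre-fix order (filter name only, then prepend the raw prefix);
 * fixed=1: post-fix order (join prefix and name, then filter the whole path). */
static void member_path(const struct ustar_names *h, int fixed, char *out, size_t n)
{
    char name[101], full[257];
    snprintf(name, sizeof name, "%.100s", h->name);  /* field may lack a NUL */
    const char *tail = fixed ? name : safe_suffix(name);
    if (h->prefix[0])
        snprintf(full, sizeof full, "%.155s/%s", h->prefix, tail);
    else
        snprintf(full, sizeof full, "%s", tail);
    snprintf(out, n, "%s", fixed ? safe_suffix(full) : full);
}

/* Returns 1 if path is absolute or contains a ".." component. */
static int escapes(const char *path) { return safe_suffix(path) != path; }

int main(void)
{
    /* Constructed sample header: the parent-directory steps sit in prefix. */
    struct ustar_names h = { "etc/example.conf", "../.." };
    char before[300], after[300];
    member_path(&h, 0, before, sizeof before);
    member_path(&h, 1, after, sizeof after);
    printf("before: %s (escapes=%d)\n", before, escapes(before));
    printf("after:  %s (escapes=%d)\n", after, escapes(after));
    return 0;
}
```

An extractor can also run a check like `escapes()` on the final path as a last gate and refuse the member instead of rewriting it.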