libtar (1.2.11-6+deb6u2) squeeze-security; urgency=low * [SECURITY] CVE-2013-4420: Strip out leading slashes and any pathname prefix containing ".." components (Closes: #731860). This is done in th_get_pathname() (as well as to symlink targets when extracting symlinks), not merely when extracting files, which means applications calling that function will not see the stored filename. There is no way to disable this behaviour, but it can be expected that one will be provided when the issue is solved upstream. * Make the th_get_size() macro cast the result from oct_to_int() to unsigned int. This is the right fix for bug #725938 on 64-bit systems, where a specially crafted tar file would not cause an integer overflow, but a memory allocation of almost 16 exbibytes, which would certainly fail outright without harm. -- Magnus Holmgren Sun, 16 Feb 2014 19:44:16 +0100 libtar (1.2.11-6+deb6u1) squeeze-security; urgency=high * [SECURITY] Fix CVE-2013-4397: Integer overflow (Closes: #725938). Patch from http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04 -- Magnus Holmgren Thu, 10 Oct 2013 20:34:07 +0200 libtar (1.2.11-6) unstable; urgency=low * Fix autotools usage (Closes: #511741) -- Julien Danjou Sat, 02 May 2009 11:33:06 +0200 libtar (1.2.11-5) unstable; urgency=low * New maintainer (Closes: #465889) * Add missing binary-indep target in debian/rules (Closes: #395714) * Use ${binary:Version} instead of Source-Version * Bump standard version * Switch to debhelper 5 -- Julien Danjou Wed, 02 Apr 2008 07:06:55 +0200 libtar (1.2.11-4) unstable; urgency=low * Always include the newest libtool.m4. (Closes: #313612) -- James Morrison Sun, 28 Aug 2005 09:41:47 -0700 libtar (1.2.11-3) unstable; urgency=low * Document stupidity of tartype_t in libtar.c. (Closes: #309945) -- James Morrison Sat, 11 Jun 2005 18:23:15 -0400 libtar (1.2.11-2) unstable; urgency=low * Move libtar-dev to libdevel. (Closes: #188207) * Fix potential memory leak. -- James Morrison Sun, 25 Jul 2004 12:59:08 -0700 libtar (1.2.11-1) unstable; urgency=low * New Upstream release. -- James Morrison Sat, 5 Apr 2003 14:03:19 -0500 libtar (1.2.10-1) unstable; urgency=low * New Upstream release. (Closes: #166602) New upstream uses autoconf 2.5x * Remove dependency on automake. Hopefully upstream will except this use of libtool. * Remove all -static and -shared targets from debian/rules. * Use dh_install instead of dh_movefiles. * - -- James Morrison Sat, 5 Apr 2003 14:03:16 -0500 libtar (1.2.5-4) unstable; urgency=low * New maintainer. (Closes: #154597) * WSG_ENCAP is now defined. (Closes: #147764) * libtar-dev depends on libc-dev instead of libc6-dev. -- James Morrison Wed, 14 Aug 2002 23:44:16 -0400 libtar (1.2.5-3) unstable; urgency=low * Modify build commands to acomadate change in autoconf (Closes #147764) -- Glenn McGrath Thu, 23 May 2002 01:06:16 +1000 libtar (1.2.5-2) unstable; urgency=low * Fix build problem (Closes #135360) -- Glenn McGrath Sun, 24 Feb 2002 06:29:31 +1100 libtar (1.2.5-1) unstable; urgency=low * New upstream version * Change section of libtar-dev to devel and libtar to libs -- Glenn McGrath Fri, 22 Feb 2002 04:23:15 +1100 libtar (1.2.4-2) unstable; urgency=low * Change section from devel to libs -- Glenn McGrath Sat, 2 Feb 2002 12:12:32 +1100 libtar (1.2.4-1) unstable; urgency=low * Initial Release. (closes #128042) -- Glenn McGrath Sat, 5 Jan 2002 13:24:37 +1100 Local variables: mode: debian-changelog End: