Package "libtar"
WARNING: the "libtar" package was deleted from this repository
Name: libtar
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- C library for manipulating tar archives (development files)
- C library for manipulating tar archives
Latest version: *DELETED*
Release: trusty (14.04)
Level: proposed
Repository: universe
Changelog
libtar (1.2.20-3ubuntu0.1) trusty-proposed; urgency=high
[ Magnus Holmgren ]
* no_maxpathlen.patch: Half of the part of the patch modifying
compat/dirname.c was missing, causing libtar's dirname to always
return NULL (except in special circumstances). Actually make it work
(Closes: #745352). (The reason that libtar doesn't use libc's
dirname() and basename() on some or most platforms is that the code
doesn't work with destructive versions of these functions). (LP: #1315742)
-- Brian Murray <email address hidden> Thu, 19 Jun 2014 11:44:33 -0700
1315742: Segmentation fault on tar_extract_all in 14.04/1.2.20-3
745352: vlc: Segmentation fault when starting vlc with plugins enabled - Debian Bug report logs

libtar (1.2.20-3) unstable; urgency=low
* no_maxpathlen.patch: Fix two grave bugs in the patch. First,
th_get_pathname would only allocate as much memory as was needed for
the first filename encountered, causing heap corruption when/if
encountering longer filenames later. Second, two variables were mixed
up in tar_append_tree(). Also, fix a potential memory leak and trim
the patch a bit.
* [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
safer_name_suffix() function should certainly be applied to the
combination of it and the name field, not just on the name field.
* th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
result from oct_to_int() to unsigned int. This is the right fix for
bug #725938 on 64-bit systems, where a specially crafted tar file
would not cause an integer overflow, but a memory allocation of almost
16 exbibytes, which would certainly fail outright without harm.
-- Magnus Holmgren <email address hidden> Sat, 15 Feb 2014 23:51:51 +0100
CVE-2013-4420: tar_extract_glob and tar_extract_all path prefix directory traversal