-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 26 Dec 2007 13:30:08 +0100 Source: tar Binary: tar Architecture: source amd64 Version: 1.16-2etch1 Distribution: stable-security Urgency: high Maintainer: Bdale Garbee <bdale@gag.com> Changed-By: Florian Weimer <fw@deneb.enyo.de> Description: tar - GNU tar Closes: 439335 441444 Changes: tar (1.16-2etch1) stable-security; urgency=high . * Non-maintainer upload by the security team * Apply patch from Dmitry V. Levin <ldv@owl.openwall.com> to avoid a stack-based buffer overflow while processing certain file names (CVE-2007-4476). Closes: #441444. * Apply patch from Dmitry V. Levin to fix double-dot recognition in case of duplicate / (CVE-2007-4131). Closes: #439335. * Update the autoconf scripts to the etch version (no functional changes, hopefully). Files: c7d9d75758a04174348cd65bb7aaab16 871 utils required tar_1.16-2etch1.dsc d971b9d6114ad0527ef89fab0d3167e0 2199571 utils required tar_1.16.orig.tar.gz 96eb9bcd2d8257893a4f530eb00c9da5 31360 utils required tar_1.16-2etch1.diff.gz b7287060cfefae808c694a60f9cb421c 714108 utils required tar_1.16-2etch1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR3KRfL97/wQC1SS+AQKnRgf+JPmUC5MqJLya8dlKBP4lJSd6UDivOyJF 3ojUEQ/hJB3+rC32GoaNw84MkOms12Ceoo4fBGVrmlSpsGUeIgjL2qy/c59jKOay fCcEkqnR2LHmW7DttOT+P1VuUHtwAlOelIs02R58VgwEIFY3EWg4GqaTtYFN+IkV 0BSWyovPlcbTsrtuHUTDn/5MAcJgmi/QjnZTlBWMfwaIdAJNmsLQlqc24/qtTeZ/ FKuk2mPkVtewMJTXUjrFB8BWe/edzn+u/yo11zerAahv+vAhSBOnpH5r/p/RBP9t aGOi7Ard2y5fh+JjAM+TOud/JbmaGBBLH/lUJnKNpexrDKotW626xw== =7bmw -----END PGP SIGNATURE----- Accepted: tar_1.16-2etch1.diff.gz to pool/main/t/tar/tar_1.16-2etch1.diff.gz tar_1.16-2etch1.dsc to pool/main/t/tar/tar_1.16-2etch1.dsc tar_1.16-2etch1_amd64.deb to pool/main/t/tar/tar_1.16-2etch1_amd64.deb