Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libtar 1.2.20-8+deb12u1~deb11u1 (source) into oldstable-security
Date: Tue, 28 Jan 2025 14:50:21 +0000
Signed by: Adrian Bunk <bunk@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jan 2025 12:25:04 +0200
Source: libtar
Architecture: source
Version: 1.2.20-8+deb12u1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Magnus Holmgren <holmgren@debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
 libtar (1.2.20-8+deb12u1~deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Rebuild for bullseye.
 .
 libtar (1.2.20-8+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2021-33643: out-of-bounds read in gnu_longlink()
   * CVE-2021-33644: out-of-bounds read in gnu_longname()
   * CVE-2021-33645: memory leak in th_read()
   * CVE-2021-33646: memory leak in th_read()
Checksums-Sha1:
 6ff21e29df3f2d5360ce89be2d9190a1354419b1 1956 libtar_1.2.20-8+deb12u1~deb11u1.dsc
 8589154a4707033b3f2dd2d201918cd6a7064d5e 63542 libtar_1.2.20.orig.tar.gz
 6dbd1c4c913ada37c53e006a61995096ca4c8d71 12208 libtar_1.2.20-8+deb12u1~deb11u1.debian.tar.xz
Checksums-Sha256:
 3f3c9a4d774f026a67b316e0f3e3e10531716466b0b3748465fc880b3c7cc5e9 1956 libtar_1.2.20-8+deb12u1~deb11u1.dsc
 50f24c857a7ef1cb092e6508758b86d06f1188508f897f3e6b40c573e8879109 63542 libtar_1.2.20.orig.tar.gz
 17dc517e8d8c93dc34660e67827d3708e7e1a47345bb596230e2bf0f54adcd97 12208 libtar_1.2.20-8+deb12u1~deb11u1.debian.tar.xz
Files:
 bf6afeb40ae3589c893b2a4a9a7e64b0 1956 libs optional libtar_1.2.20-8+deb12u1~deb11u1.dsc
 6ced95ab3a4b33fbfe2dfb231d156cdb 63542 libs optional libtar_1.2.20.orig.tar.gz
 b4684340b6092c7fbf898527daa965e6 12208 libs optional libtar_1.2.20-8+deb12u1~deb11u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmeY6nIACgkQiNJCh6LY
mLF1Ng//Xx96W9nMCTFFbbRQzSPSarjLRV0BulWSACDEArwXjbeNkE4a2dB43VMj
izXLrRXTYZYT2FT1RxPYjabvqUtqY+V/4jkSVv4keO2z52zL0wAlWiYBgyO2RizG
fet6X1tFmYXGBfQ7IscZXN7pGHj23nHHDZllFFg6Rh1cRicagEqfg4PbPoVUL/M4
cItJ8mTQkHojGHvf7CRHWD+DIHP/pt1zG0zb0EZQRiTHWczLyCe1AUDplIqGdDQZ
mpsJlBPT8/bwB4EO/0xUOUqUn3TJr2Ws0iayH3wYi2tG/oIV3pSo5PdJD13funB+
MnXFifIhrI9LggnVWF4hn6xWFoEnEAxr5QbXeovrr/dTc1Vq4ZHfppZVsUNloYp/
sFk9vAIdAaqRCrrN/kRzb2aMBTtN8GPfzcMPhNugR40unUj7yEUFBfehrY1FbU8/
90klXa+ny2J54Hg/Di9o4KejDMHabXRnK+BnoTEWOLukMx5YSs+dagenxU8GigbI
9Kyw8bYZU91jg6vaFBOtrHZz8njG3+n5pDYFmra8CgpXwURlrG7ohMxNwzDsYp4A
yi92hHBoR6S8E/aXk1s65Cr3+povaJposd6ZF5ngXYmnR9cGCqJ9Nqks1+Ny8w/x
C+EE3/GjguQiMRP+pm32O/6OJDpazwJDLVYBZ3lH2e4jAZFwb8Y=
=kbWA
-----END PGP SIGNATURE-----

News for package libtar