-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 Feb 2014 21:49:37 +0100
Source: libtar
Binary: libtar-dev libtar0
Architecture: source amd64
Version: 1.2.20-2
Distribution: unstable
Urgency: low
Maintainer: Magnus Holmgren <holmgren@debian.org>
Changed-By: Magnus Holmgren <holmgren@debian.org>
Description:
 libtar-dev - C library for manipulating tar archives (development files)
 libtar0 - C library for manipulating tar archives
Closes: 657116 731860
Changes:
 libtar (1.2.20-2) unstable; urgency=low
 .
   * no_static_buffers.patch: avoid using a static buffer in
     th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
   * maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
     names (Closes: #657116). Thanks to Svante Signell and Petter
     Reinholdtsen.
   * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
     pathname prefix containing ".." components (Closes: #731860). This is
     done in th_get_pathname() (as well as to symlink targets when
     extracting symlinks), not merely when extracting files, which means
     applications calling that function will not see the stored
     filename. There is no way to disable this behaviour, but it can be
     expected that one will be provided when the issue is solved upstream.
   * Bump Standards-Version to 3.9.5.