-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 Feb 2014 23:51:51 +0100
Source: libtar
Binary: libtar-dev libtar0
Architecture: source amd64
Version: 1.2.20-3
Distribution: unstable
Urgency: low
Maintainer: Magnus Holmgren <holmgren@debian.org>
Changed-By: Magnus Holmgren <holmgren@debian.org>
Description:
 libtar-dev - C library for manipulating tar archives (development files)
 libtar0    - C library for manipulating tar archives
Changes:
 libtar (1.2.20-3) unstable; urgency=low
 .
   * no_maxpathlen.patch: Fix two grave bugs in the patch. First,
     th_get_pathname would only allocate as much memory as was needed for
     the first filename encountered, causing heap corruption when/if
     encountering longer filenames later. Second, two variables were mixed
     up in tar_append_tree(). Also, fix a potential memory leak and trim
     the patch a bit.
   * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
     safer_name_suffix() function should certainly be applied to the
     combination of it and the name field, not just on the name field.
   * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
     result from oct_to_int() to unsigned int. This is the right fix for
     bug #725938 on 64-bit systems, where a specially crafted tar file
     would not cause an integer overflow, but a memory allocation of almost
     16 exbibytes, which would certainly fail outright without harm.
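The CVE-2013-4420 entry above, illustrated as an added example (not part of this upload and not libtar's actual patch): a ustar reader builds a member path as prefix + "/" + name, so sanitizing only the name field leaves any `..` in the prefix intact. `strip_unsafe()` and `member_path()` are hypothetical stand-ins, and the sample header fields are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN   100  /* ustar "name" field width */
#define PREFIX_LEN 155  /* ustar "prefix" field width */
#define PATH_LEN   (PREFIX_LEN + NAME_LEN + 2)

/* Constructed sample header fields (fixed width, zero padded). */
static const char SAMPLE_PREFIX[PREFIX_LEN] = "../outside";
static const char SAMPLE_NAME[NAME_LEN] = "file.txt";

/* Hypothetical stand-in for safer_name_suffix(): keep what follows the
 * last ".." component and drop leading slashes. */
static const char *strip_unsafe(const char *path)
{
    const char *safe = path, *p = path;
    while (*p) {
        size_t len = strcspn(p, "/");          /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            safe = p + len;                    /* restart after the ".." */
        p += len + (p[len] == '/');
    }
    while (*safe == '/')
        safe++;
    return safe;
}

/* combined == 0: sanitize the name field only, then prepend the raw prefix.
 * combined == 1: join prefix and name first, then sanitize the whole path. */
static char *member_path(const char *prefix, const char *name, int combined, char *out, size_t n)
{
    char nm[NAME_LEN + 1], raw[PATH_LEN];
    snprintf(nm, sizeof nm, "%.*s", NAME_LEN, name);  /* field may lack a NUL */
    const char *tail = combined ? nm : strip_unsafe(nm);
    if (prefix[0])
        snprintf(raw, sizeof raw, "%.*s/%s", PREFIX_LEN, prefix, tail);
    else
        snprintf(raw, sizeof raw, "%s", tail);
    snprintf(out, n, "%s", combined ? strip_unsafe(raw) : raw);
    return out;
}

int main(void)
{
    char out[PATH_LEN];
    printf("name only: %s\n", member_path(SAMPLE_PREFIX, SAMPLE_NAME, 0, out, sizeof out));
    printf("combined:  %s\n", member_path(SAMPLE_PREFIX, SAMPLE_NAME, 1, out, sizeof out));
    return 0;
}
```

With the name-only check the resulting path still begins with `..` and would resolve outside the extraction directory; sanitizing the joined path removes it.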