- Committer: Package Import Robot
- Author(s): Magnus Holmgren
- Date: 2014-02-16 19:44:16 UTC
- Revision ID: package-import@ubuntu.com-20140216194416-axzaxxjzw10ybh6a
Tags: 1.2.11-6+deb6u2
* [SECURITY] CVE-2013-4420: Strip out leading slashes and any
pathname prefix containing ".." components (Closes: #731860). This is
done in th_get_pathname() (as well as to symlink targets when
extracting symlinks), not merely when extracting files, which means
applications calling that function will not see the stored
filename. There is no way to disable this behaviour, but it can be
expected that one will be provided when the issue is solved upstream.
* Make the th_get_size() macro cast the result from oct_to_int() to
unsigned int. This is the right fix for bug #725938 on 64-bit systems,
where a specially crafted tar file would not cause an integer
overflow, but a memory allocation of almost 16 exbibytes, which would
certainly fail outright without harm.
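The rule the first changelog entry describes (drop leading slashes and any pathname prefix that contains a ".." component, applied to a stored member name before it is used) written out as a stand-alone C function. This is an added illustration, not libtar's th_get_pathname() or the Debian patch; the function name, the buffer-copy interface and the decision to reject a name that becomes empty (e.g. "foo/..") are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Nonzero if the path component at p (length n) is exactly "..". */
static int is_dotdot(const char *p, size_t n)
{
    return n == 2 && p[0] == '.' && p[1] == '.';
}

/* Copy a sanitised form of the archive member name `name` into `out`
 * (capacity outlen). Everything up to and including the LAST ".."
 * component is discarded, then leading '/' characters are removed, so
 * the result is always relative and can never climb above the
 * extraction directory. Returns out, or NULL when the result would be
 * empty (the name referred only to a parent directory) or would not fit.
 * Example function for this page, not libtar's own implementation. */
char *safe_tar_name(const char *name, char *out, size_t outlen)
{
    const char *start = name;   /* first byte that survives */
    const char *p = name;

    while (*p) {
        const char *comp = p;
        while (*p && *p != '/')
            p++;                /* p now points just past the component */
        if (is_dotdot(comp, (size_t)(p - comp)))
            start = p;          /* drop this ".." and everything before it */
        while (*p == '/')
            p++;                /* skip one or more separators */
    }
    while (*start == '/')       /* absolute path, or slash after ".." */
        start++;

    size_t len = strlen(start);
    if (len == 0 || len >= outlen)
        return NULL;
    memcpy(out, start, len + 1);
    return out;
}

int main(void)
{
    /* Constructed sample member names, as an attacker-controlled archive could carry them. */
    const char *samples[] = { "/etc/passwd", "../../etc/passwd", "foo/../bar/baz", "foo/.." };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *r = safe_tar_name(samples[i], buf, sizeof buf);
        printf("%-20s -> %s\n", samples[i], r ? r : "(rejected)");
    }
    return 0;
}
```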