Debian Bug report logs - #314805
tar: numerous bugs, possible security risk


Package: tar; Maintainer for tar is Bdale Garbee <bdale@gag.com>; Source for tar is src:tar.

Reported by: Jim Meyering <jim@meyering.net>

Date: Sat, 18 Jun 2005 16:48:02 UTC

Severity: important

Tags: patch

Found in version 1.15.1-2

Fixed in version tar/1.15.1-3

Done: Bdale Garbee <bdale@gag.com>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#314805; Package tar.

Acknowledgement sent to Jim Meyering <jim@meyering.net>:
New Bug report received and forwarded. Copy sent to Bdale Garbee <bdale@gag.com>.

Message #5 received at submit@bugs.debian.org:

From: Jim Meyering <jim@meyering.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tar: numerous bugs, possible security risk
Date: Sat, 18 Jun 2005 18:32:18 +0200
Package: tar
Version: 1.15.1-2
Severity: important
Tags: patch

I've reported several problems upstream.
Here is the message with patch:

  http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html

Here is a summary of the fixes:

2005-06-17  Jim Meyering  <address@hidden>

        Carefully crafted invalid headers can cause buffer overrun.
        Invalid header fields go undiagnosed.
        Some valid time strings are ignored.

        * src/xheader.c (sparse_numblocks_decoder): Remove unchecked use
        of `calloc'.  Use xcalloc instead.
        (decode_time, gid_decoder, size_decoder, uid_decoder):
        (sparse_size_decoder, sparse_offset_decoder, sparse_numblocks_decoder):
        Ensure that the result of calling xstrtoumax is no larger than
        the maximum value for the target type.  Upon any failure, exit with
        a diagnostic.
        (sparse_numblocks_decoder): Avoid buffer overrun/heap corruption:
        use x2nrealloc, rather than `n *= 2' and xrealloc(p, n,....
        (decode_time): Rewrite to accept time strings like 1119018481.000000000.
        Before, such strings were always ignored.

-- System Information:
Debian Release: testing/unstable
  APT prefers stable
  APT policy: (900, 'stable'), (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.12
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages tar depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an

tar recommends no packages.

-- no debconf information
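The two overflow-related items in the fix summary above, checking a decoded header value against the maximum of its target type and replacing unchecked `n *= 2` growth, are illustrated below in an added C example. This is not tar's code and not the patch linked above; the names decode_unsigned, grow_blocks and sparse_block, the status codes and the sample field values are all constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not tar's code: range-checked decoding of a numeric pax
   extended-header field, and array growth with the size arithmetic checked.
   Every name below (decode_unsigned, grow_blocks, sparse_block) is assumed. */

enum decode_status { DECODE_OK = 0, DECODE_BAD_SYNTAX, DECODE_OUT_OF_RANGE };

/* Parse a decimal field and refuse anything above `maxval`, the largest value
   the destination type holds.  A uintmax_t that strtoumax accepts can still be
   truncated when stored into a uid_t or off_t unless it is checked here. */
static enum decode_status
decode_unsigned(const char *arg, uintmax_t maxval, uintmax_t *out)
{
    char *end;
    uintmax_t v;

    /* strtoumax skips blanks and takes a sign ("-1" wraps to UINTMAX_MAX),
       so require the field to start with a digit. */
    if (arg == NULL || !isdigit((unsigned char) *arg))
        return DECODE_BAD_SYNTAX;
    errno = 0;
    v = strtoumax(arg, &end, 10);
    if (*end != '\0')
        return DECODE_BAD_SYNTAX;          /* trailing junk after the digits */
    if (errno == ERANGE || v > maxval)
        return DECODE_OUT_OF_RANGE;        /* would not fit the target type */
    *out = v;
    return DECODE_OK;
}

struct sparse_block { uintmax_t offset; uintmax_t numbytes; };

/* Double a block array with the size arithmetic checked.  An unchecked
   `n *= 2` can wrap n to a small value, so realloc hands back an array that
   is too short and the next block written to it corrupts the heap.  Returns
   0 on success, -1 on overflow or allocation failure, in which case *blocks
   and *cap are left untouched. */
static int
grow_blocks(struct sparse_block **blocks, size_t *cap)
{
    size_t new_cap = 16;                   /* first allocation */
    struct sparse_block *p;

    if (*cap != 0) {
        if (*cap > SIZE_MAX / 2)
            return -1;                     /* n *= 2 would overflow */
        new_cap = *cap * 2;
    }
    if (new_cap > SIZE_MAX / sizeof *p)
        return -1;                         /* n * sizeof would overflow */
    if ((p = realloc(*blocks, new_cap * sizeof *p)) == NULL)
        return -1;
    *blocks = p;
    *cap = new_cap;
    return 0;
}

/* Wrappers that return plain values, used by main() below. */
static int unsigned_status(const char *s, uintmax_t maxval)
{
    uintmax_t v;
    return (int) decode_unsigned(s, maxval, &v);
}

static size_t try_grow(size_t cap)         /* capacity reached, 0 if refused */
{
    struct sparse_block *b = NULL;         /* realloc(NULL, n) acts as malloc */
    size_t c = cap;
    if (grow_blocks(&b, &c) != 0)
        return 0;
    free(b);
    return c;
}

int main(void)
{
    /* Constructed sample uid fields; the second does not fit a 32-bit uid_t. */
    const char *fields[] = { "1000", "4294967296", "-1", "12abc" };
    for (size_t i = 0; i < sizeof fields / sizeof *fields; i++)
        printf("uid field %-11s -> status %d\n", fields[i],
               unsigned_status(fields[i], UINT32_MAX));
    printf("grow from 16 -> %zu; from SIZE_MAX/2+1 -> %zu (refused)\n",
           try_grow(16), try_grow(SIZE_MAX / 2 + 1));
    return 0;
}
```

decode_unsigned returns a status instead of exiting so the caller chooses the diagnostic; the summary above says the patched decoders exit with a diagnostic on any failure. The property that matters is that the parsed value is compared with the maximum of the destination type before it is assigned, so a number that fits a uintmax_t but not a uid_t or off_t is rejected rather than silently truncated, and that the capacity arithmetic in grow_blocks is checked before realloc is called rather than after the wrapped value has already been used.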



Reply sent to Bdale Garbee <bdale@gag.com>:
You have taken responsibility.

Notification sent to Jim Meyering <jim@meyering.net>:
Bug acknowledged by developer.

Message #10 received at 314805-close@bugs.debian.org:

From: Bdale Garbee <bdale@gag.com>
To: 314805-close@bugs.debian.org
Subject: Bug#314805: fixed in tar 1.15.1-3
Date: Thu, 23 Feb 2006 11:32:08 -0800
Source: tar
Source-Version: 1.15.1-3

We believe that the bug you reported is fixed in the latest version of
tar, which is due to be installed in the Debian FTP archive:

tar_1.15.1-3.diff.gz
  to pool/main/t/tar/tar_1.15.1-3.diff.gz
tar_1.15.1-3.dsc
  to pool/main/t/tar/tar_1.15.1-3.dsc
tar_1.15.1-3_i386.deb
  to pool/main/t/tar/tar_1.15.1-3_i386.deb
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 314805@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated tar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 23 Feb 2006 13:02:09 -0600
Source: tar
Binary: tar
Architecture: source i386
Version: 1.15.1-3
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 tar        - GNU tar
Closes: 272888 286978 314805 319635 330187 343062 354091
Changes: 
 tar (1.15.1-3) unstable; urgency=high
 .
   * patch for src/xheader.c suggested by Martin Pitt, to fix exploitable
     buffer overflow [CVE-2006-0300], closes: #354091, #314805
   * change default path for rmt in lib/localedir.h to be correct for Debian
     systems, closes: #319635
   * updated Italian translation from Marco d'Itri, closes: #286978
   * patch from Loic Minier fixing wrong matching of file names when special
     characters are present, closes: #272888
   * patch suggested by Stephen Frost to convert fatal error to warning when
     an archive spanning multiple volumes contains a filename longer than
     100 characters, closes: #330187
   * patch from Peter Samuelson to fix hard link handling in the presence
     of the --strip-components option, closes: #343062
   * update debhelper compat level to 5
Files: 
 58cefb921a4b79f4c74b8bcd9516bd6b 552 base required tar_1.15.1-3.dsc
 4f36ad73b51359b311d1cc09eca963ee 47142 base required tar_1.15.1-3.diff.gz
 7b1aa651c91398561029d07051200b11 770876 base required tar_1.15.1-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD/gvfZKfAp/LPAagRAmcwAJ0WyzmDxhXMa2REw9hpW8IItt/t3QCfXsIb
fFdNX3grOJknRw87vgEmZCc=
=68M6
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 10:40:51 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 21:13:53 2014; Machine Name: buxtehude.debian.org
