[Git][security-tracker-team/security-tracker][master] Reserve DLA-2830-1 for tar
Adrian Bunk (@bunk)
bunk at debian.org
Sun Nov 28 12:21:02 GMT 2021
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1a7099c by Adrian Bunk at 2021-11-28T14:20:48+02:00
Reserve DLA-2830-1 for tar
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -191801,7 +191801,6 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a
CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
{DLA-1623-1}
- tar 1.30+dfsg-3.1 (bug #917377)
- [stretch] - tar <no-dsa> (Minor issue)
NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
NOTE: https://news.ycombinator.com/item?id=18745431
NOTE: https://twitter.com/thatcks/status/1076166645708668928
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Nov 2021] DLA-2830-1 tar - security update
+ {CVE-2018-20482}
+ [stretch] - tar 1.29b-1.1+deb9u1
[27 Nov 2021] DLA-2829-1 libvpx - security update
{CVE-2020-0034}
[stretch] - libvpx 1.6.1-3+deb9u3
=====================================
data/dla-needed.txt
=====================================
@@ -87,8 +87,6 @@ rustc (Roberto C. Sánchez)
--
samba (Anton)
--
-tar (Adrian Bunk)
---
thunderbird (Emilio)
NOTE: 20211122: blocked on toolchain backports (pochu)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1a7099c457aed6adf7d4ddb9927dba523311049
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1a7099c457aed6adf7d4ddb9927dba523311049
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211128/9ba0e9c5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list