libarchive-tar-perl oldstable update for CVE-2007-4829
Luk Claes
luk at debian.org
Sat Apr  4 20:50:44 UTC 2009

gregor herrmann wrote:
> On Sat, 04 Apr 2009 19:22:18 +0300, Niko Tyni wrote:
> 
>>> I'm attaching the diff between 1.30-2 (in oldstable) and 1.38-2 (the
>>> last version in the archive that got removed later). The diff is
>>> created by
>> Please note that there was also a 'second half' to CVE-2007-4829 fixed
>> upstream in 1.39_01. See #509802. This should presumably be fixed too.
> 
> Thanks for spotting!
>  
> I've just downloaded your patch from
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=29;filename=39_fix_archive_tar_symlink_unpack;att=1;bug=509802
> and it applies cleanly to 1.38-2 from our svn repo, so if the release
> team wishes it would be easy to upload the "old" 1.38-2 plus this
> patch (with whatever version number would be appropriate for such a
> mixture :).

Ok, please upload with an appropriate version :-)

Cheers

Luk
    
    