Joshua, On Fri, 2002-10-11 at 11:50, Joshua Baker-LePain wrote: > Bad. Bad bad bad. If you're using indexing, they're broken. amrecover > won't work. Run, don't walk, to download 1.13.25 from > ftp://alpha.gnu.org.
Thanks for the heads-up. I'd seen this, but hadn't gotten around to updating it. Yes, bad, bad, bad! Anyone know when a new version is coming out to fix CAN-2002-0399? Did I misunderstand the vuln announcement, or is this really only exploitable when a superuser extracts files from a tarball without looking at the contents...? ____SNIP____ $ tar --version tar (GNU tar) 1.13.25 Copyright (C) 2001 Free Software Foundation, Inc. This program comes with NO WARRANTY, to the extent permitted by law. You may redistribute it under the terms of the GNU General Public License; see the file named COPYING for details. Written by John Gilmore and Jay Fenlason. ____SNIP____ Cheers, Mike
