On Friday 11 October 2002 14:04, pointer wrote: >Joshua, > >On Fri, 2002-10-11 at 11:50, Joshua Baker-LePain wrote: >> Bad. Bad bad bad. If you're using indexing, they're broken. >> amrecover won't work. Run, don't walk, to download 1.13.25 from >> ftp://alpha.gnu.org. > >Thanks for the heads-up. I'd seen this, but hadn't gotten around > to updating it. Yes, bad, bad, bad! Anyone know when a new > version is coming out to fix CAN-2002-0399? > >Did I misunderstand the vuln announcement, or is this really only >exploitable when a superuser extracts files from a tarball without >looking at the contents...?
Thats the way I read that announcement. >____SNIP____ >$ tar --version >tar (GNU tar) 1.13.25 >Copyright (C) 2001 Free Software Foundation, Inc. >This program comes with NO WARRANTY, to the extent permitted by > law. You may redistribute it under the terms of the GNU General > Public License; >see the file named COPYING for details. >Written by John Gilmore and Jay Fenlason. >____SNIP____ this is the good one AFAIK. -- Cheers, Gene AMD K6-III@500mhz 320M Athlon1600XP@1400mhz 512M 99.17% setiathome rank, not too shabby for a WV hillbilly