Package: tar
Version: 1.16-1
Severity: critical
Tags: sarge, sid, upstream, security

There is a directory traversal bug in GNU tar as described in
http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html
which means the creation and overwriting of files outside the expected
directory without using -P.

I could reproduce this security flaw in Sarge (tar 1.14-2.2) as well as in
Sid (tar 1.16-1), so it probably is also in the version in Etch.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.33.2-1-dphys-k8-smp-64gb
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages tar depends on:
ii  libc6                    2.3.6.ds1-8     GNU C Library: Shared libraries

tar recommends no packages.

-- no debconf information

