Launchpad has imported 12 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=280961.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
** Changed in: tar (Gentoo Linux)
Importance: Unknown = High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/180299
Title:
[tar] [CVE-2007-4476] Buffer overflow
--
ubuntu-bugs mailing list
** Branch linked: lp:ubuntu/dapper-updates/tar
** Branch linked: lp:ubuntu/gutsy-updates/tar
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
** Changed in: fedora
Status: Unknown = Confirmed
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
This bug was fixed in the package tar - 1.18-2ubuntu1.1
---
tar (1.18-2ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: stack-based buffer overflow with malicious tar files
- lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as
http://www.ubuntu.com/usn/usn-709-1
** Changed in: tar (Ubuntu Dapper)
Status: In Progress = Fix Released
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Bug watch added: Red Hat Bugzilla #280961
https://bugzilla.redhat.com/show_bug.cgi?id=280961
** Also affects: fedora via
https://bugzilla.redhat.com/show_bug.cgi?id=280961
Importance: Unknown
Status: Unknown
--
[tar] [CVE-2007-4476] Buffer overflow
Actually, Gutsy is affected, but Hardy and later are not. Feisty EOLd.
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Reducing the priority cause this seems a crasher and not exploitable.
** Changed in: tar (Ubuntu)
Importance: High = Low
** Changed in: tar (Ubuntu Dapper)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
Status: New = In Progress
** Changed in: tar (Ubuntu Gutsy)
upstream_tar: 1.18
dapper_tar: needed
edgy_tar: needed
feisty_tar: needed
gutsy_tar: released (1.18-2ubuntu1)
hardy_tar: released (1.18-2ubuntu1)
hardy_tar: released (1.18-2ubuntu1)
devel_tar: released (1.18-2ubuntu1)
** Bug watch added: Debian Bug tracker #441444
** Changed in: tar (Debian)
Status: Unknown = Fix Released
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
It is very sad that CVE-2007-4476 hasn't received any attention from the
security team for several months. After reading some high-level
descriptions and changelogs, it looks like Feisty and Dapper are
vulnerable and that this bug might lead to arbitrary code execution when
unpacking a malicious
** Bug watch added: Gentoo Bugzilla #196978
http://bugs.gentoo.org/show_bug.cgi?id=196978
** Also affects: tar (Gentoo Linux) via
http://bugs.gentoo.org/show_bug.cgi?id=196978
Importance: Unknown
Status: Unknown
--
[tar] [CVE-2007-4476] Buffer overflow
** Changed in: tar (Gentoo Linux)
Status: Unknown = Fix Released
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** This bug is no longer a duplicate of bug 161173
[CVE-2007-4476] cpio is affected by this CVE as tar.
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for
*** This bug is a duplicate of bug 161173 ***
https://bugs.launchpad.net/bugs/161173
** This bug has been marked a duplicate of bug 161173
[CVE-2007-4476] cpio is affected by this CVE as tar.
--
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received
*** This bug is a duplicate of bug 161173 ***
https://bugs.launchpad.net/bugs/161173
Is this really a duplicate of Bug #161173, since Bug #161173 is mainly
about package cpio? As I've written, I've opend this report because I
couldn't find a USN about a fix for this issue for tar (well,
17 matches
Mail list logo
