CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/08 19:36:20
Modified files:
gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive: Tar.pm
gnu/usr.bin/perl/cpan/Archive-Tar/t: 04_resolved_issues.t
Log message:
Upstream patches for Archive-Tar perl dist
* CVE-2026-42496
https://lists.security.metacpan.org/cve-announce/msg/40396459/
Archive::Tar versions before 3.08 for Perl extract symlinks with
attacker controlled targets outside the extraction directory
* CVE-2026-42497
https://lists.security.metacpan.org/cve-announce/msg/40396457/
Archive::Tar versions before 3.08 for Perl extract hardlinks to
attacker controlled paths outside the extraction directory
* CVE-2026-9538
https://lists.security.metacpan.org/cve-announce/msg/40396448/
Archive::Tar versions before 3.10 for Perl allow memory exhaustion
via attacker controlled entry size field in tar header
