FYI, Just in case nobody informed you, the notice at:
http://seclists.org/fulldisclosure/2016/Oct/96 claims tar 1.29 is vulnerable. I have been checking what I assume is the git master archive for any fix here: http://git.savannah.gnu.org/cgit/tar.git and the mailing list here: http://lists.gnu.org/archive/html/bug-tar/ And nothing is there about this that I can find, so I wonder if maybe nobody has informed you about it? Maybe you fixed it and I didn't realize the fix was for this problem? If so, what git commit should I create a patch from to get the fix? Thanks!
