Source: tar
Source-Version: 1.32+dfsg-1

On Fri, Mar 22, 2019 at 02:20:35PM +0100, Salvatore Bonaccorso wrote:
> Source: tar
> Version: 1.30+dfsg-5
> Severity: normal
> Tags: security upstream
> Forwarded: https://savannah.gnu.org/bugs/?55369
> Control: tags -1 + fixed-upstream
>
> Hi,
>
> The following vulnerability was published for tar.
>
> CVE-2019-9923[0]:
> | pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL
> | pointer dereference when parsing certain archives that have malformed
> | extended headers.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-9923
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
> [1] https://savannah.gnu.org/bugs/?55369
> [2] http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
> [3] https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
>
> Please adjust the affected versions in the BTS as needed.

Fixed with 1.32+dfsg-1 upload to unstable.

Regards,
Salvatore