Package: python2.7
Version: 2.7.16-2+deb10u1
Severity: important

Dear Maintainer,
/usr/lib/python2.7/tarfile.py does not catch encoding errors in tarfile
filenames and throws an exception, possibly crashing programs like
duplicity.

The problem lies in def _proc_pax(self, tarfile):

1396         while True:
1397             match = regex.match(buf, pos)
1398             if not match:
1399                 break
1400
1401             length, keyword = match.groups()
1402             length = int(length)
1403             value = buf[match.end(2) + 1:match.start(1) + length - 1]
1404
1405             keyword = keyword.decode("utf8")
1406             value = value.decode("utf8")
1407
1408             pax_headers[keyword] = value
1409             pos += length

Line 1406 seems to need errors="ignore" or errors="replace" to extract
archives with minor encoding errors in the filenames or should throw a
more specific exception than UnicodeDecodeError.


-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python2.7 depends on:
ii  libpython2.7-stdlib  2.7.16-2+deb10u1
ii  mime-support         3.62
ii  python2.7-minimal    2.7.16-2+deb10u1

python2.7 recommends no packages.

Versions of packages python2.7 suggests:
ii  binutils       2.31.1-16
pn  python2.7-doc  <none>

-- no debconf information
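
Added example, not part of the original report and not code from tarfile.py: a stand-alone Python 3 parser for the same pax record format that shows both options named above, a tolerant decode via the errors argument and a single specific exception in strict mode. The names PaxHeaderError, parse_pax_records and make_record are hypothetical, the length guard is an addition, and the sample bytes are constructed.

```python
import re

class PaxHeaderError(ValueError):
    """Malformed pax record (hypothetical name, not part of tarfile)."""

# Record shape handled by the quoted loop: b"<length> <keyword>=<value>\n"
RECORD = re.compile(br"(\d+) ([^=]+)=")

def parse_pax_records(buf, errors="strict"):
    """Return {keyword: value} from raw pax header bytes.

    errors is passed to the value decode: "strict", "replace" or "ignore".
    """
    headers, pos = {}, 0
    while True:
        match = RECORD.match(buf, pos)
        if not match:
            break
        length = int(match.group(1))
        # Added guard: the length must cover the prefix plus the newline
        # and stay inside the buffer, otherwise pos would not advance sanely.
        if length <= match.end() - pos or pos + length > len(buf):
            raise PaxHeaderError("bad record length at offset %d" % pos)
        raw_value = buf[match.end(2) + 1:match.start(1) + length - 1]
        try:
            keyword = match.group(2).decode("utf-8")
            value = raw_value.decode("utf-8", errors)
        except UnicodeDecodeError as exc:
            # One exception type that callers can catch per archive member.
            raise PaxHeaderError("offset %d: %s" % (pos, exc)) from exc
        headers[keyword] = value
        pos += length
    return headers

def make_record(keyword, value):
    """Build one record; the length field counts its own digits too."""
    body = b" " + keyword + b"=" + value + b"\n"
    length = len(body)
    while len(str(length)) + len(body) != length:
        length = len(str(length)) + len(body)
    return str(length).encode("ascii") + body

# Constructed sample: one valid UTF-8 name, one with Latin-1 bytes.
SAMPLE = (make_record(b"path", "Gr\u00fc\u00dfe.txt".encode("utf-8"))
          + make_record(b"linkpath", b"Gr\xfc\xdfe.txt"))

if __name__ == "__main__":
    print(parse_pax_records(SAMPLE, errors="replace"))
```

With errors="replace" each undecodable byte becomes U+FFFD, so the name stays visibly damaged rather than silently shortened as it is with errors="ignore".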
