Your message dated Mon, 31 Oct 2016 13:06:42 +0000
with message-id <e1c1ciu-0006ja...@fasolo.debian.org>
and subject line Bug#842339: fixed in tar 1.29b-1.1
has caused the Debian Bug report #842339,
regarding tar: CVE-2016-6321: Bypassing the extract path name
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
842339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tar
Version: 1.29b-1
Severity: grave
Tags: security

This has been assigned CVE-2016-6321:
https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: tar
Source-Version: 1.29b-1.1

We believe that the bug you reported is fixed in the latest version of
tar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 842...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated tar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Oct 2016 07:35:31 +0100
Source: tar
Binary: tar tar-scripts
Architecture: source
Version: 1.29b-1.1
Distribution: unstable
Urgency: medium
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 842339
Description:
tar - GNU version of the tar archiving utility
tar-scripts - optional scripts for GNU version of the tar archiving utility
Changes:
tar (1.29b-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2016-6321: Bypassing the extract path name.
When extracting, member names containing '..' components are skipped.
(Closes: #842339)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---