Your message dated Sat, 05 Nov 2016 18:47:41 +0000
with message-id <e1c360d-0003ql...@fasolo.debian.org>
and subject line Bug#842339: fixed in tar 1.27.1-2+deb8u1
has caused the Debian Bug report #842339,
regarding tar: CVE-2016-6321: Bypassing the extract path name
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
842339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tar
Version: 1.29b-1
Severity: grave
Tags: security

This has been assigned CVE-2016-6321:
https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: tar
Source-Version: 1.27.1-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
tar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 842...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated tar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Oct 2016 07:48:55 +0100
Source: tar
Binary: tar tar-scripts
Architecture: source
Version: 1.27.1-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 842339
Description: 
 tar        - GNU version of the tar archiving utility
 tar-scripts - optional scripts for GNU version of the tar archiving utility
Changes:
 tar (1.27.1-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-6321: Bypassing the extract path name.
     When extracting, member names containing '..' components are skipped.
     (Closes: #842339)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
