summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Bunk <bunk@debian.org>2021-11-28 14:20:48 +0200
committerAdrian Bunk <bunk@debian.org>2021-11-28 14:20:48 +0200
commit35fd2726a2243057e5ac8d53e8c49f0a3bc8b5ec (patch)
tree805c36a1f9d736d0c882ef25fb2822900ea404e1
parentace18efeba35cb3f06030b260f47612a3a8e024e (diff)
Reserve DLA-2830-1 for tar
-rw-r--r--data/CVE/2018.list1
-rw-r--r--data/DLA/list3
-rw-r--r--data/dla-needed.txt2
3 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 1e185bb2cc..f58b388d48 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -2219,7 +2219,6 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a
CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
{DLA-1623-1}
- tar 1.30+dfsg-3.1 (bug #917377)
- [stretch] - tar <no-dsa> (Minor issue)
NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
NOTE: https://news.ycombinator.com/item?id=18745431
NOTE: https://twitter.com/thatcks/status/1076166645708668928
diff --git a/data/DLA/list b/data/DLA/list
index 7d65b0eddc..7f0c4a8cef 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[28 Nov 2021] DLA-2830-1 tar - security update
+ {CVE-2018-20482}
+ [stretch] - tar 1.29b-1.1+deb9u1
[27 Nov 2021] DLA-2829-1 libvpx - security update
{CVE-2020-0034}
[stretch] - libvpx 1.6.1-3+deb9u3
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 3580b44bfe..4844507cfa 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -87,8 +87,6 @@ rustc (Roberto C. Sánchez)
--
samba (Anton)
--
-tar (Adrian Bunk)
---
thunderbird (Emilio)
NOTE: 20211122: blocked on toolchain backports (pochu)
--

© 2014-2024 Faster IT GmbH | imprint | privacy policy