diff options
author | Adrian Bunk <bunk@debian.org> | 2021-11-28 14:20:48 +0200 |
---|---|---|
committer | Adrian Bunk <bunk@debian.org> | 2021-11-28 14:20:48 +0200 |
commit | 35fd2726a2243057e5ac8d53e8c49f0a3bc8b5ec (patch) | |
tree | 805c36a1f9d736d0c882ef25fb2822900ea404e1 | |
parent | ace18efeba35cb3f06030b260f47612a3a8e024e (diff) |
Reserve DLA-2830-1 for tar
-rw-r--r-- | data/CVE/2018.list | 1 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 1e185bb2cc..f58b388d48 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -2219,7 +2219,6 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...) {DLA-1623-1} - tar 1.30+dfsg-3.1 (bug #917377) - [stretch] - tar <no-dsa> (Minor issue) NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug NOTE: https://news.ycombinator.com/item?id=18745431 NOTE: https://twitter.com/thatcks/status/1076166645708668928 diff --git a/data/DLA/list b/data/DLA/list index 7d65b0eddc..7f0c4a8cef 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[28 Nov 2021] DLA-2830-1 tar - security update + {CVE-2018-20482} + [stretch] - tar 1.29b-1.1+deb9u1 [27 Nov 2021] DLA-2829-1 libvpx - security update {CVE-2020-0034} [stretch] - libvpx 1.6.1-3+deb9u3 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 3580b44bfe..4844507cfa 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -87,8 +87,6 @@ rustc (Roberto C. Sánchez) -- samba (Anton) -- -tar (Adrian Bunk) --- thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) -- |