| Release | Version |
|---|---|
| bullseye | 1.2.20-8 |
| bullseye (security) | 1.2.20-8+deb12u1~deb11u1 |
| bookworm | 1.2.20-8 |
| Bug | bullseye | bookworm | Description |
|---|---|---|---|
| CVE-2021-33646 | fixed | vulnerable (no DSA) | The th_read() function doesn\u2019t free a variable t->th_buf.gnu_long ... |
| CVE-2021-33645 | fixed | vulnerable (no DSA) | The th_read() function doesn\u2019t free a variable t->th_buf.gnu_long ... |
| CVE-2021-33644 | fixed | vulnerable (no DSA) | An attacker who submits a crafted tar file with size in header struct ... |
| CVE-2021-33643 | fixed | vulnerable (no DSA) | An attacker who submits a crafted tar file with size in header struct ... |
| Bug | Description |
|---|---|
| CVE-2013-4420 | Multiple directory traversal vulnerabilities in the (1) tar_extract_gl ... |
| CVE-2013-4397 | Multiple integer overflows in the th_read function in lib/block.c in l ... |
| DSA / DLA | Description |
|---|---|
| DLA-4033-1 | libtar - security update |
| DSA-2863-1 | libtar - directory traversal |
| DSA-2817-1 | libtar - Multiple integer overflows |