Information on source package tar

Available versions

ReleaseVersion
stretch1.29b-1.1
buster1.30+dfsg-6
bullseye1.34+dfsg-1
bookworm1.34+dfsg-1
sid1.34+dfsg-1

Open issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2018-20482vulnerable (no DSA)fixedfixedfixedfixedGNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...

Open unimportant issues

BugstretchbusterbullseyebookwormsidDescription
TEMP-0290435-0B57B5vulnerablevulnerablevulnerablevulnerablevulnerabletar's rmt command may have undesired side effects
CVE-2021-20193vulnerablevulnerablefixedfixedfixedA flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...
CVE-2019-9923vulnerablevulnerablefixedfixedfixedpax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...
CVE-2005-2541vulnerablevulnerablevulnerablevulnerablevulnerableTar 1.15.1 does not properly warn the user when extracting setuid or s ...

Resolved issues

BugDescription
CVE-2016-6321Directory traversal vulnerability in the safer_name_suffix function in ...
CVE-2010-0624Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...
CVE-2007-4476Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...
CVE-2007-4131Directory traversal vulnerability in the contains_dot_dot function in ...
CVE-2006-6097GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ...
CVE-2006-0300Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ...
CVE-2005-1918The original patch for a GNU tar directory traversal vulnerability (CV ...
CVE-2002-1216GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ...

Security announcements

DSA / DLADescription
DLA-1623-1tar - security update
DSA-3702-1tar - security update
DLA-690-1tar - security update
DSA-1438-1tar
DSA-1223-1tar
DSA-987-1tar - buffer overflow
Search for package or bug name: Reporting problems