Information on source package tar

Available versions

ReleaseVersion
jessie1.27.1-2+deb8u1
jessie (security)1.27.1-2+deb8u2
stretch1.29b-1.1
buster1.30+dfsg-5
sid1.30+dfsg-5

Open issues

BugjessiestretchbustersidDescription
CVE-2018-20482fixedvulnerable (no DSA)fixedfixedGNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...

Open unimportant issues

BugjessiestretchbustersidDescription
TEMP-0290435-0B57B5vulnerablevulnerablevulnerablevulnerabletar's rmt command may have undesired side effects
CVE-2019-9923vulnerablevulnerablevulnerablevulnerablepax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...
CVE-2005-2541vulnerablevulnerablevulnerablevulnerableTar 1.15.1 does not properly warn the user when extracting setuid or s ...

Resolved issues

BugDescription
CVE-2016-6321Directory traversal vulnerability in the safer_name_suffix function in ...
CVE-2010-0624Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...
CVE-2007-4476Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...
CVE-2007-4131Directory traversal vulnerability in the contains_dot_dot function in ...
CVE-2006-6097GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ...
CVE-2006-0300Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ...
CVE-2005-1918The original patch for a GNU tar directory traversal vulnerability (CV ...
CVE-2002-1216GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ...

Security announcements

DSA / DLADescription
DLA-1623-1tar - security update
DSA-3702-1tar - security update
DLA-690-1tar - security update
DSA-1438-1tar
DSA-1438-1tar
DSA-1223-1tar
DSA-987-1tar - buffer overflow

Search for package or bug name: Reporting problems