| Release | Version |
|---|---|
| buster | 1.30+dfsg-6 |
| bullseye | 1.34+dfsg-1 |
| bookworm | 1.34+dfsg-1 |
| sid | 1.34+dfsg-1 |
| Bug | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|
| TEMP-0290435-0B57B5 | vulnerable | vulnerable | vulnerable | vulnerable | tar's rmt command may have undesired side effects |
| CVE-2021-20193 | vulnerable | fixed | fixed | fixed | A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ... |
| CVE-2019-9923 | vulnerable | fixed | fixed | fixed | pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ... |
| CVE-2005-2541 | vulnerable | vulnerable | vulnerable | vulnerable | Tar 1.15.1 does not properly warn the user when extracting setuid or s ... |
| Bug | Description |
|---|---|
| CVE-2018-20482 | GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ... |
| CVE-2016-6321 | Directory traversal vulnerability in the safer_name_suffix function in ... |
| CVE-2010-0624 | Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ... |
| CVE-2007-4476 | Buffer overflow in the safer_name_suffix function in GNU tar has unspe ... |
| CVE-2007-4131 | Directory traversal vulnerability in the contains_dot_dot function in ... |
| CVE-2006-6097 | GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ... |
| CVE-2006-0300 | Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ... |
| CVE-2005-1918 | The original patch for a GNU tar directory traversal vulnerability (CV ... |
| CVE-2002-1216 | GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ... |
| DSA / DLA | Description |
|---|---|
| DLA-2830-1 | tar - security update |
| DLA-1623-1 | tar - security update |
| DSA-3702-1 | tar - security update |
| DLA-690-1 | tar - security update |
| DSA-1438-1 | tar |
| DSA-1223-1 | tar |
| DSA-987-1 | tar - buffer overflow |