Information on source package tar

Available versions

ReleaseVersion
buster1.30+dfsg-6
buster (security)1.30+dfsg-6+deb10u1
bullseye1.34+dfsg-1+deb11u1
bookworm1.34+dfsg-1.2+deb12u1
trixie1.35+dfsg-3
sid1.35+dfsg-3

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
TEMP-0290435-0B57B5vulnerablevulnerablevulnerablevulnerablevulnerabletar's rmt command may have undesired side effects
CVE-2022-48303vulnerablefixedfixedfixedfixedGNU Tar through 1.34 has a one-byte out-of-bounds read that results in ...
CVE-2021-20193vulnerablefixedfixedfixedfixedA flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...
CVE-2019-9923vulnerablefixedfixedfixedfixedpax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...
CVE-2005-2541vulnerablevulnerablevulnerablevulnerablevulnerableTar 1.15.1 does not properly warn the user when extracting setuid or s ...

Resolved issues

BugDescription
CVE-2023-39804In GNU tar before 1.35, mishandled extension attributes in a PAX archi ...
CVE-2018-20482GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...
CVE-2016-6321Directory traversal vulnerability in the safer_name_suffix function in ...
CVE-2010-0624Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...
CVE-2007-4476Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...
CVE-2007-4131Directory traversal vulnerability in the contains_dot_dot function in ...
CVE-2006-6097GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ...
CVE-2006-0300Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ...
CVE-2005-1918The original patch for a GNU tar directory traversal vulnerability (CV ...
CVE-2002-1216GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ...

Security announcements

DSA / DLADescription
DLA-3755-1tar - security update
DLA-2830-1tar - security update
DLA-1623-1tar - security update
DSA-3702-1tar - security update
DLA-690-1tar - security update
DSA-1438-1tar
DSA-1223-1tar
DSA-987-1tar - buffer overflow

Search for package or bug name: Reporting problems