[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Out of bounds read using malformed tar archive in GNU Tar and BSD Tar
From:       Hanno =?UTF-8?B?QsO2Y2s=?= <hanno () hboeck ! de>
Date:       2015-08-31 12:29:42
Message-ID: 20150831142942.74f0a4b7 () pc1
[Download RAW message or body]


On Mon, 31 Aug 2015 08:20:11 -0300
Gustavo Grieco <gustavo.grieco@gmail.com> wrote:

> Fortunately the last revisions of GNU Tar and libarchive fixed these
> issues. Do we have CVE for these issues?

The bsdtar issue looks like this one:
https://github.com/libarchive/libarchive/issues/515

I have reported ~20 such issues in libarchive in the past months.
Unfortunately there are still some open issues, I was hoping to create
an advisory once everything is done, but it has taken much longer than
expected.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]