NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
bc96e9da0d
kumquat-buildroot/package/tar
History
Peter Korsgaard ad0bb50dc7 package/tar: add upstream security patch for CVE-2022-48303 
Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read
that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated.  The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add _IGNORE_CVES entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:51:01 +01:00
..
0001-lib-getrandom.c-fix-build-with-uclibc-1.0.35.patch
0002-Fix-boundary-checking-in-base-256-decoder.patch package/tar: add upstream security patch for CVE-2022-48303 2023-11-13 22:51:01 +01:00
Config.in
tar.hash
tar.mk package/tar: add upstream security patch for CVE-2022-48303 2023-11-13 22:51:01 +01:00