[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

Am Freitag, 28. Dezember 2007 16:29 schrieb Florian Weimer:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1438-1                  security@debian.org
> http://www.debian.org/security/                           Florian Weimer
> December 28, 2007                     http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package        : tar
> Vulnerability  : several
> Problem type   : local(remote)
> Debian-specific: no
> CVE Id(s)      : CVE-2007-4131, CVE-2007-4476
>
> Several vulnerabilities have been discovered in GNU Tar.

Hello,

during the last six days, updates of the following packages were available via 
security.debian.org:

    debconf
    debconf-i18n
    findutils
    klibc-utils
    libc6
    libc6-i386
    libklibc
    libpam-modules
    libpam-runtime
    libpam0g
    linux-image-2.6.18-5-amd64
    locales
    tar
    tzdata

However, I cannot see any security announcement for most of these.  Were they 
updated because of the security fix for tar?  If yes, why doesn’t the 
security announcement mention that updated versions are available also for 
those packages?

Best wishes,
Wolfgang
Reply to: