Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

[Martin Zobel-Helas <zobel@ftbfs.de>]

Hi, 

On Fri Dec 28, 2007 at 22:10:08 +0100, Wolfgang Jeltsch wrote:
> Am Freitag, 28. Dezember 2007 16:29 schrieb Florian Weimer:
> > ------------------------------------------------------------------------
> > Debian Security Advisory DSA-1438-1                  security@debian.org
> > http://www.debian.org/security/                           Florian Weimer
> > December 28, 2007                     http://www.debian.org/security/faq
> > ------------------------------------------------------------------------
> >
> > Package        : tar
> > Vulnerability  : several
> > Problem type   : local(remote)
> > Debian-specific: no
> > CVE Id(s)      : CVE-2007-4131, CVE-2007-4476
> >
> > Several vulnerabilities have been discovered in GNU Tar.
> 
> Hello,
> 
> during the last six days, updates of the following packages were available via 
> security.debian.org:

wrong.

>     debconf
>     debconf-i18n
>     findutils
>     klibc-utils
>     libc6
>     libc6-i386
>     libklibc
>     libpam-modules
>     libpam-runtime
>     libpam0g
>     linux-image-2.6.18-5-amd64
>     locales
>     tar
>     tzdata
> 
> However, I cannot see any security announcement for most of these.  Were they 
> updated because of the security fix for tar?  If yes, why doesn’t the 
> security announcement mention that updated versions are available also for 
> those packages?

see http://lists.debian.org/debian-announce/debian-announce-2007/msg00004.html

-- 
[root@debian /root]# man real-life
No manual entry for real-life