Date:      Fri, 16 Jan 2009 05:38:41 GMT
From:      Mark Foster <mark@foster.cc>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/130602: vuxml submission for archivers/gtar
Message-ID:  <200901160538.n0G5cfKU015594@www.freebsd.org>
Resent-Message-ID: <200901160540.n0G5e10p046897@freefall.freebsd.org>

>Number:         130602
>Category:       ports
>Synopsis:       vuxml submission for archivers/gtar
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 16 05:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        7.1
>Organization:
Credentia
>Environment:
FreeBSD frau.foster.cc 7.1-RELEASE-p1 FreeBSD 7.1-RELEASE-p1 #4: Sat Jan 10 20:04:30 PST 2009     root@frau.foster.cc:/usr/obj/usr/src/sys/GENERIC  i386

>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="0809ce7d-f672-4924-9b3b-7c74bc279b83">
    <topic>gtar -- GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability</topic>
    <affects>
      <package>
        <name>gtar</name>
        <range><lt>1.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>SecurityFocus reports:</p>
        <blockquote cite="http://www.securityfocus.com/bid/26445/">
          <p>GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca function.</p>
          <p>Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed.</p>
          <p>GNU tar and cpio utilities share the same vulnerable code and are both affected. Other utilities sharing this code may also be affected.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.securityfocus.com/bid/26445/</url>
      <cvename>CVE-2007-4476</cvename>
      <bid>26445</bid>
    </references>
    <dates>
      <discovery>2007-11-14</discovery>
      <entry>2009-01-15</entry>
    </dates>
  </vuln>
</vuxml>

>Release-Note:
>Audit-Trail:
>Unformatted:


