Hosting Provided By

Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

From: Wolfgang Jeltsch <7o2lccqg(at)acme.softbase.org>
Date: Fri Dec 28 2007 - 16:10:08 EST

Am Freitag, 28. Dezember 2007 16:29 schrieb Florian Weimer:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1438-1 security@debian.org
> http://www.debian.org/security/ Florian Weimer
> December 28, 2007 http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package : tar
> Vulnerability : several
> Problem type : local(remote)
> Debian-specific: no
> CVE Id(s) : CVE-2007-4131, CVE-2007-4476
>
> Several vulnerabilities have been discovered in GNU Tar.

Hello,

during the last six days, updates of the following packages were available via security.debian.org:

    debconf
    debconf-i18n
    findutils
    klibc-utils
    libc6
    libc6-i386
    libklibc
    libpam-modules
    libpam-runtime
    libpam0g
    linux-image-2.6.18-5-amd64
    locales
    tar
    tzdata

However, I cannot see any security announcement for most of these. Were they updated because of the security fix for tar? If yes, why doesnâ€™t the security announcement mention that updated versions are available also for those packages?

Best wishes,
Wolfgang Received on Fri Dec 28 16:31:41 2007

This message: [ Message body ]
Next message: Martin Zobel-Helas: "Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities"
Previous message: Aaron D. Wrasman: "Re: PCI vulnerability scan - PHP4 on Sarge"
Next in thread: Martin Zobel-Helas: "Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities"
Reply: Martin Zobel-Helas: "Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:44 EDT