Bug 183571
Summary: | Multiple tar issues (CVE-2005-1918, CVE-2006-0300) | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | David Eisenstein <deisenst> |
Component: | tar | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | pekkas, tseaver |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | LEGACY, rh73, rh90, 1, 2, 3 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-04-05 00:27:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Eisenstein
2006-03-02 01:16:25 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA: 0aaaf5b265850a98ca905e032642c7e7ff882747 7.3/tar-1.13.25-4.7.2.legacy.i386.rpm 42f9320ba41fe16fc6cd6bc96a0cf3d129129ae3 7.3/tar-1.13.25-4.7.2.legacy.src.rpm a1b8401bcfab5b59ef6485c2f003c99f9d955627 9/tar-1.13.25-11.1.legacy.i386.rpm e6016d9f7129b9f69e6350f546873c0af8d56aad 9/tar-1.13.25-11.1.legacy.src.rpm 264654e875a63b775da4b24029ece266b04945f3 1/tar-1.13.25-12.1.legacy.i386.rpm 7800fe52d72911d7628d9ddc29587e5c835da741 1/tar-1.13.25-12.1.legacy.src.rpm 3207c5e30b153be417d7ea3ad019e23a2d1072e1 2/tar-1.13.25-14.1.legacy.i386.rpm 050f763b8729c4fdcb2a3e65c6f84fce5c3b4dca 2/tar-1.13.25-14.1.legacy.src.rpm d0a75ed94d9cfbd9f82e7dba87619f07b239fe1a 3/tar-1.14-5.FC3.1.legacy.i386.rpm c2ff13c32cfd8eab23ed5143c4085490cacaee75 3/tar-1.14-5.FC3.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/tar-1.13.25-4.7.2.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/tar-1.13.25-11.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/tar-1.13.25-12.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/2/tar-1.13.25-14.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/3/tar-1.14-5.FC3.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux) iD8DBQFED31OLMAs/0C4zNoRAoSIAJ9igVJOX4VbPP/rBd0C+1mpmV/5EACgrZ0N 7WKdL0x7/pedxQdbeHDsPqk= =pVdu -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - source integrity good - spec file changes minimal - patches verified to come from RHEL +PUBLISH RHL73, RHL9, FC1, FC2, FC3 e6016d9f7129b9f69e6350f546873c0af8d56aad tar-1.13.25-11.1.legacy.src.rpm 7800fe52d72911d7628d9ddc29587e5c835da741 tar-1.13.25-12.1.legacy.src.rpm 050f763b8729c4fdcb2a3e65c6f84fce5c3b4dca tar-1.13.25-14.1.legacy.src.rpm 42f9320ba41fe16fc6cd6bc96a0cf3d129129ae3 tar-1.13.25-4.7.2.legacy.src.rpm c2ff13c32cfd8eab23ed5143c4085490cacaee75 tar-1.14-5.FC3.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFED8CEGHbTkzxSL7QRAlK8AKCe9v77ZzjguDoXsiOSJE7edIQD6wCfb4Lw sLm6/iFv/zZR+zLZbPvkN1w= =fwta -----END PGP SIGNATURE----- Packages were pushed to updates-testing. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packages tested: 0caee4057c9325f93ac327e1a4d067fee8b1a744 tar-1.13.25-12.1.legacy.i386.rpm - SHA1 checksums and GPG signatures verified. - Packages installed cleanly. - Tested tar of sample directory before and after, with identical results. +VERIFY FC1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEGO6M+gerLs4ltQ4RApPQAKDVPiTj1gA1hvrk0gej9XrN6b1U4ACeMd/p 543Of4Pk8O2TlIFeFhmo0lA= =Z9BS -----END PGP SIGNATURE----- Thanks! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA for RHL9. Signature OK, upgrades OK. Rpm-build-compare.sh on the binaries also looks OK. Basic testing OK. +VERIFY RHL9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFEGQDpGHbTkzxSL7QRAl7pAJ9B01KiyUx7QItpAqdktfyNXZpYzgCgzauT HzHJeJ3x2odgeK9WHvUpA80= =JUkB -----END PGP SIGNATURE----- Timeout shortened to one week. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 df30641462702e447ac80e5e71db048e039cc378 tar-1.13.25-11.1.legacy.i386.rpm installs OK. i can't see any easy way to test this in the references i've read, so can only add that tar works to pack, inventory and unpack using a selection of my normal flags. +VERIFY RH9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEIn9EePtvKV31zw4RAuZbAJ9QGaxn0tIMQioNrzp2/RFRIFYJRQCgw2d8 RK7kbNkqS4oCUfzZPPxJjvM= =PU4v -----END PGP SIGNATURE----- Timeout over. Packages were released to updates. |