Heap-based buffer overflow allows remote rmt servers to cause a
denial of service (memory corruption) or possibly execute arbitrary
code by sending more data than was requested.
prodded by jasper@
* Fix archiving of sparse files in posix mode.
* Fix operation of --verify --listed-incremental.
* Fix --occurrence.
* Scope of --transform and --strip-components options.
* End-of-volume script can send the new volume name to tar.
* New option --exclude-tag allows specifying "exclusion tag files".
* The --exclude-cache option now excludes the directories themselves, too.
* Support for reading ustar type 'N' logical records has been removed.
* Race conditions around 'tar -x --same-owner' have been fixed.
GNU tar allows user-assisted attackers to overwrite arbitrary files
via a tar file that contains a GNUTYPE_NAMES record with a symbolic
link. (CVE-2006-6097)
A buffer overflow allows user-complicit attackers to cause a denial
of service (application crash) and possibly execute code via
unspecified vectors involving PAX extended headers.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
Fix via Ubuntu (ultimately from upstream CVS).
ok pvalchev@
- Added support for POSIX.1-2001 and ustar archive formats.
- Various option cleanups.
- New message translations.
- Bug fixes.
Switch to .bz2 distfile since we already depend on bzip2 anyway.