buildroot/package/tar
Peter Korsgaard ad0bb50dc7 package/tar: add upstream security patch for CVE-2022-48303
Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read
that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated.  The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add _IGNORE_CVES entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:51:01 +01:00
0001-lib-getrandom.c-fix-build-with-uclibc-1.0.35.patch
0002-Fix-boundary-checking-in-base-256-decoder.patch package/tar: add upstream security patch for CVE-2022-48303 2023-11-13 22:51:01 +01:00
Config.in
tar.hash Revert "package/tar: security bump to version 1.35" 2023-11-13 22:49:36 +01:00
tar.mk package/tar: add upstream security patch for CVE-2022-48303 2023-11-13 22:51:01 +01:00