On Friday 11 October 2002 14:04, pointer wrote:
>Joshua,
>
>On Fri, 2002-10-11 at 11:50, Joshua Baker-LePain wrote:
>> Bad. Bad bad bad. If you're using indexing, they're broken.
>> amrecover won't work. Run, don't walk, to download 1.13.25 from
>> ftp://alpha.gnu.org.
>
>Thanks for the heads-up. I'd seen this, but hadn't gotten around
> to updating it. Yes, bad, bad, bad! Anyone know when a new
> version is coming out to fix CAN-2002-0399?
>
>Did I misunderstand the vuln announcement, or is this really only
>exploitable when a superuser extracts files from a tarball without
>looking at the contents...?
Thats the way I read that announcement.
>____SNIP____
>$ tar --version
>tar (GNU tar) 1.13.25
>Copyright (C) 2001 Free Software Foundation, Inc.
>This program comes with NO WARRANTY, to the extent permitted by
> law. You may redistribute it under the terms of the GNU General
> Public License;
>see the file named COPYING for details.
>Written by John Gilmore and Jay Fenlason.
>____SNIP____
this is the good one AFAIK.
--
Cheers, Gene
AMD K6-III@500mhz 320M
Athlon1600XP@1400mhz 512M
99.17% setiathome rank, not too shabby for a WV hillbilly
|