//(additional summary proposed by me)//
3.8.4 introduced a regression that allowed users of `tar` that specified `-s` to specify specially crafted input that could result in tar(1) crashing with incorrect buffer accesses.
Whether or not this is a CVE-worthy issue is still TBD. I would need to take a look at the NIST CVE rubric to see what the criteria are for rating the issue.