Comment 1 Robert Buchholz (RETIRED) 2007-08-21 09:38:06 UTC

Created attachment 128748 [details, diff]
tar-1.15.1-alt-contains_dot_dot.diff

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) 2007-08-21 20:38:02 UTC

base-system please advise and patch as necessary.

Comment 3 Roy Marples (RETIRED) 2007-08-22 09:18:01 UTC

1.17-r1 and 1.18-r1 have been added to the tree with this patch. Older versions have now been punted.

1.17 is stable across all arches and 1.18 is in the process of being stabled on bug #184453.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) 2007-08-22 16:52:41 UTC

Arches please test and mark stable. Target keywords are:

"alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

Comment 5 Gustavo Zacarias (RETIRED) 2007-08-22 17:54:53 UTC

sparc stable for 1.18-r2 (which is probably the one you want?)

Comment 6 Tobias Scherbaum (RETIRED) 2007-08-22 18:29:08 UTC

ppc stable

Comment 7 Andrej Kacian (RETIRED) 2007-08-22 20:34:19 UTC

x86 done

Comment 8 Christoph Mende (RETIRED) 2007-08-22 22:31:47 UTC

amd64 stable

Comment 9 Jeroen Roovers (RETIRED) 2007-08-23 04:55:48 UTC

Stable for HPPA.

Comment 10 Joshua Kinard 2007-08-23 05:41:28 UTC

mips stable.

Comment 11 Raúl Porcel (RETIRED) 2007-08-24 14:28:31 UTC

alpha/ia64 stable

Comment 12 Markus Rothe (RETIRED) 2007-08-29 10:25:52 UTC

ppc64 stable

Comment 13 Pierre-Yves Rofes (RETIRED) 2007-09-01 22:22:57 UTC

Stabling seems done on all arches, time for glsa decision. I tend to vote yes.

Comment 14 Sune Kloppenborg Jeppesen (RETIRED) 2007-09-08 15:41:31 UTC

I vote YES.

Comment 15 Matt Drew (RETIRED) 2007-09-09 22:32:52 UTC

I vote yes, the flaw is (apparently) easy to use, and tar is of course ubiquitous.  Submitting request.

Comment 16 Christian Faulhammer (RETIRED) 2007-09-16 10:09:44 UTC

This is GLSA 200709-09, done by falco.  Thanks to everyone, closing