+++ This bug was initially created as a clone of Bug #313333 +++
Heap-based buffer overflow in the rmt_read__ function in
lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23
and GNU cpio before 2.11 allows remote rmt servers to cause a denial
of service (memory corruption) or possibly execute arbitrary code by
sending more data than was requested, related to archive filenames
that contain a : (colon) character.
i dont think there is any relationship to tar
Stable for HPPA.
Marked ppc stable.
Thanks, folks. GLSA request filed.
This issue was resolved and addressed in
GLSA 201311-21 at http://security.gentoo.org/glsa/glsa-201311-21.xml
by GLSA coordinator Sergey Popov (pinkbyte).