archive/tar: malformed input causes panic in parsePAXRecord [1.14 backport] #44182

Closed
gopherbot opened this issue Feb 9, 2021 · 2 comments
@gopherbot

@odeke-em requested issue #40196 to be considered for backport to the next 1.14 minor release.

@gopherbot please backport this issue as it is a security problem and has existed for the past 8 years as per https://codereview.appspot.com/6700047.

@gopherbot added the CherryPickCandidate label (used during the release process for point releases) Feb 9, 2021
@gopherbot added this to the Go1.14.16 milestone Feb 9, 2021
@gopherbot
Author

Change https://golang.org/cl/290649 mentions this issue: [release-branch.go1.14] archive/tar: detect out of bounds accesses in PAX records resulting from padded lengths

@dmitshur
Contributor

Closing for the reason described in #44183 (comment).

@dmitshur removed the CherryPickCandidate label (used during the release process for point releases) Mar 4, 2021
@golang locked and limited conversation to collaborators Mar 4, 2022