upstream fix
About this tag
The upstream fix tag on WindowsForum.com covers discussions about software patches that originate from a project's official source code repository before being backported to distributions. A key example is CVE-2022-48303 in GNU Tar, a one-byte memory safety bug in versions through 1.34 that was fixed upstream but required downstream Linux distributions and embedded products to issue their own advisories and patches. Topics include the nature of the vulnerability, the upstream patch, and the downstream rollout process. This tag is relevant for users tracking how security fixes flow from open-source projects to end-user systems.
GNU Tar’s handling of an old V7 archive format triggered a subtle memory-safety problem that quietly landed in the CVE lists: CVE-2022-48303 is a one‑byte out‑of‑bounds read in GNU Tar through version 1.34 that can cause use of uninitialized memory during a conditional jump — a bug that was...