type: security
subject: Updated tar packages fix security vulnerability
CVE:
 - CVE-2019-9923
src:
  6:
   core:
     - tar-1.31-1.1.mga6
description: |
  pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer
  dereference when parsing certain archives that have malformed extended
  headers (CVE-2019-9923).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24756
 - https://lists.opensuse.org/opensuse-updates/2019-04/msg00148.html