From 4dae7592e5eabbb49a00d4c68aa02e54f4807c92 Mon Sep 17 00:00:00 2001
From: Wentao Zhang <wentao.zhang@windriver.com>
Date: Tue, 27 Feb 2024 13:48:39 +0800
Subject: [PATCH] Debian: tar : fix CVE-2022-48303/CVE-2023-39804

Upgrade tar to 1.34+dfsg-1+deb11u1

Refer to:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
https://nvd.nist.gov/vuln/detail/CVE-2023-39804

Test Plan:
Pass: downloader
Pass: build-pkgs --clean --all
Pass: build-image
Pass: boot

Closes-bug: #2052926

Change-Id: Iafa9152957b51cef162c318e3499457c276c041c
Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
---
 debian-mirror-tools/config/debian/common/base-bullseye.lst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst
index 29b7b8c5..e8ff9c2c 100644
--- a/debian-mirror-tools/config/debian/common/base-bullseye.lst
+++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst
@@ -1241,7 +1241,7 @@ syslog-ng-mod-sql  3.28.1-2+deb11u1 https://snapshot.debian.org/archive/debian/2
 syslinux-utils 3:6.04~git20190206.bf6db5b4+dfsg1-3+b1
 systemtap-sdt-dev  4.4-2
 sysvinit-utils  2.96-7+deb11u1
-tar  1.34+dfsg-1
+tar  1.34+dfsg-1+deb11u1  https://snapshot.debian.org/archive/debian/20240121T032514Z/pool/main/t/tar/tar_1.34%2Bdfsg-1%2Bdeb11u1_amd64.deb
 targetcli-fb   1:2.1.53-1
 tasksel  3.68+deb11u1
 tasksel-data  3.68+deb11u1