[3.8] tar: Infinite read loop in sparse_dump_region function in sparse.c (CVE-2018-20482)
GNU Tar through 1.30, when —sparse is used, mishandles file shrinkage
during read access, which allows local users to cause
a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by
a different user’s process (e.g., a system backup running as root).
(from redmine: issue id 9848, created on 2019-01-10, closed on 2019-01-18)
main/tar: security upgrade to 1.31 fixes #9848