It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges.
0.4.37-3ubuntu0.10.4.40-1ubuntu0.10.4.43-4ubuntu0.1