Ubuntu
cpio package

cpio 2.12+dfsg-6ubuntu0.18.04.4 source package in Ubuntu

Changelog

cpio (2.12+dfsg-6ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via crafted pattern file
    - debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
      in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
      src/dstring.h, src/util.c.
    - debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
      in src/dstring.c.
    - debian/patches/CVE-2021-38185.3.patch: fix dynamic string
      reallocations in src/dstring.c.
    - CVE-2021-38185

 -- Marc Deslauriers <email address hidden>  Wed, 25 Aug 2021 06:53:46 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates main utils
Bionic security main utils

Downloads

File Size SHA-256 Checksum
cpio_2.12+dfsg.orig.tar.bz2 1.2 MiB f27a009166b26925802030d87b99b7113014691bfa081260878aee076dc01183
cpio_2.12+dfsg-6ubuntu0.18.04.4.debian.tar.xz 29.3 KiB e165ad25307dcf54d95204e03796035b58223a22ede1e97c9ca129535ab81012
cpio_2.12+dfsg-6ubuntu0.18.04.4.dsc 2.0 KiB f38768d0c2ea3965e16f0b86308c5029850fc8e89fbecfb705e91984d330e134

View changes file

Binary packages built by this source

cpio: GNU cpio -- a program to manage archives of files

 GNU cpio is a tool for creating and extracting archives, or copying
 files from one place to another. It handles a number of cpio formats
 as well as reading and writing tar files.

cpio-win32: GNU cpio -- a program to manage archives of files (win32 build)

 GNU cpio is a tool for creating and extracting archives, or copying
 files from one place to another. It handles a number of cpio formats
 as well as reading and writing tar files.
 .
 This is a win32 version of cpio. It's meant to be used by the win32-loader
 component of Debian-Installer.