-
cpio (2.12+dfsg-6ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
src/dstring.h, src/util.c.
- debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
in src/dstring.c.
- debian/patches/CVE-2021-38185.3.patch: fix dynamic string
reallocations in src/dstring.c.
- CVE-2021-38185
-- Marc Deslauriers <email address hidden> Wed, 25 Aug 2021 06:53:46 -0400
-
cpio (2.12+dfsg-6ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Improper input validation
- debian/patches/CVE-2019-14866.patch: improve diagnostics,
remove to_oct_or_error, adding new macro in
src/copyout.c, src/extern.h, src/tar.c.
- CVE-2019-14866
-- <email address hidden> (Leonidas S. Barbosa) Tue, 05 Nov 2019 15:09:06 -0300
-
cpio (2.12+dfsg-6) unstable; urgency=medium
* Upload to unstable.
- Update debian/gbp.conf.
* Remove empty directories under usr/share/man.
* debian/control: "Priority: extra" has been replaced with "Priority:
optional".
-- Chris Lamb <email address hidden> Sat, 02 Dec 2017 09:27:39 +0000
-
cpio (2.11+dfsg-6) unstable; urgency=medium
* Man page for "mt" describes how to "fast erase"
Patch by Kees Cook
Add fix.mt-erase.manpage.patch
Closes: #770198
* Backport "New options to create device and inode-independent
archives." from cpio 2.12
Patch by Chris Lamb
Add reproducible.patch
See #804063
* Standards-Version: 3.9.8
* Refresh patches
-- Anibal Monsalve Salazar <email address hidden> Tue, 29 Nov 2016 12:31:53 +0000