-
cpio (2.13+dfsg-2ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: Path traversal vulnerability
- debian/patches/CVE-2023-7207.patch: Create symlink placeholder
if --no-absolute-filenames was given and replace placeholders
after extraction.
- debian/patches/revert-CVE-2015-1197-handling.patch: Removed.
- CVE-2023-7207
-- Fabian Toepfer <email address hidden> Sun, 28 Apr 2024 14:31:25 +0200
-
cpio (2.13+dfsg-2ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
src/dstring.h, src/util.c.
- debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
in src/dstring.c.
- debian/patches/CVE-2021-38185.3.patch: fix dynamic string
reallocations in src/dstring.c.
- CVE-2021-38185
-- Marc Deslauriers <email address hidden> Wed, 25 Aug 2021 06:52:28 -0400
-
cpio (2.13+dfsg-2) unstable; urgency=medium
* Fix a regression in handling of CVE-2015-1197 & --no-absolute-filenames by
reverting part of an upstream commit. (Closes: #946267, #946469)
* Add Vcs-Git and Vcs-Browser pointing to my personal Salsa repository (in
lieu of anything at all).
* Bump Standards-Version to 4.5.0.
-- Chris Lamb <email address hidden> Sat, 01 Feb 2020 14:11:00 +0100
-
cpio (2.13+dfsg-1) unstable; urgency=medium
* New upstream release.
* Autoreconf using version 1.16.1 and update autoreconf.patch.
* Update patches:
- Drop patch for CVE-2016-2037; applied upstream.
- Drop CVE-2015-1197.patch; now addressed upstream.
- Modify doc/Makefile.am (vs. doc/Makefile.in) prior to autoreconfing vs.
the generated doc/Makefile.in.
- Refresh whitespace, etc. in patches via pq import/export.
* debian/control:
- Bump Standards-Version to 4.4.1
- Drop misleading Vcs-{Git,Browser}.
- Use HTTPS Homepage URI.
- Specify Rules-Requires-Root: binary-targets.
-- Chris Lamb <email address hidden> Wed, 20 Nov 2019 13:33:36 -0500
-
cpio (2.12+dfsg-9ubuntu1) focal; urgency=medium
* SECURITY UPDATE: Improper input validation
- debian/patches/CVE-2019-14866.patch: improve diagnostics,
remove to_oct_or_error, adding new macro in
src/copyout.c, src/extern.h, src/tar.c.
- CVE-2019-14866
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Nov 2019 13:53:33 -0300
-
cpio (2.12+dfsg-9) unstable; urgency=medium
* Reinstate the call to update-alternatives(1) that I didn't see in the prerm
script. Thanks again to Ivo De Decker. (Closes: #926698)
-- Chris Lamb <email address hidden> Tue, 23 Apr 2019 16:29:37 +0100