Publishing details

Published on 2021-09-08
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Marc Deslauriers

Changelog

cpio (2.13+dfsg-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via crafted pattern file
    - debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
      in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
      src/dstring.h, src/util.c.
    - debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
      in src/dstring.c.
    - debian/patches/CVE-2021-38185.3.patch: fix dynamic string
      reallocations in src/dstring.c.
    - CVE-2021-38185

 -- Marc Deslauriers <email address hidden>  Wed, 25 Aug 2021 06:52:28 -0400

Available diffs

diff from 2.13+dfsg-2ubuntu0.2 to 2.13+dfsg-2ubuntu0.3 (1.4 KiB)

Builds

Built packages

cpio GNU cpio -- a program to manage archives of files

cpio-win32 GNU cpio -- a program to manage archives of files (win32 build)

Package files

cpio-win32_2.13+dfsg-2ubuntu0.3_all.deb (70.1 KiB)
cpio_2.13+dfsg-2ubuntu0.3.debian.tar.xz (35.1 KiB)
cpio_2.13+dfsg-2ubuntu0.3.dsc (2.1 KiB)
cpio_2.13+dfsg-2ubuntu0.3_amd64.deb (84.4 KiB)
cpio_2.13+dfsg-2ubuntu0.3_arm64.deb (78.4 KiB)
cpio_2.13+dfsg-2ubuntu0.3_armhf.deb (73.3 KiB)
cpio_2.13+dfsg-2ubuntu0.3_i386.deb (92.6 KiB)
cpio_2.13+dfsg-2ubuntu0.3_ppc64el.deb (100.1 KiB)
cpio_2.13+dfsg-2ubuntu0.3_riscv64.deb (75.2 KiB)
cpio_2.13+dfsg-2ubuntu0.3_s390x.deb (79.5 KiB)
cpio_2.13+dfsg.orig.tar.bz2 (1.3 MiB)