Publishing details
Changelog
cpio (2.13+dfsg-2ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
src/dstring.h, src/util.c.
- debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
in src/dstring.c.
- debian/patches/CVE-2021-38185.3.patch: fix dynamic string
reallocations in src/dstring.c.
- CVE-2021-38185
-- Marc Deslauriers <email address hidden> Wed, 25 Aug 2021 06:52:28 -0400
Builds
Built packages
-
cpio
GNU cpio -- a program to manage archives of files
-
cpio-win32
GNU cpio -- a program to manage archives of files (win32 build)
Package files