Publishing details

Published on 2016-02-22
Copied from ubuntu trusty in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

cpio (2.11+dfsg-1ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: file overwrite via symlink attack
    - debian/patches/CVE-2015-1197.patch: don't write files over symlinks
      unless --extract-over-symlinks is used in doc/cpio.1, src/copyin.c,
      src/extern.h, src/global.c, src/main.c.
    - CVE-2015-1197
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2016-2037.patch: make sure there is at least two
      bytes available in src/copyin.c, added comment to src/util.c.
    - CVE-2016-2037
  * debian/patches/fix-symlink-test.patch: fix date-sensitive test.

 -- Marc Deslauriers <email address hidden>  Thu, 18 Feb 2016 09:15:43 -0500

Available diffs

diff from 2.11+dfsg-1ubuntu1.1 to 2.11+dfsg-1ubuntu1.2 (3.5 KiB)

Builds

Built packages

cpio GNU cpio -- a program to manage archives of files

Package files

cpio_2.11+dfsg-1ubuntu1.2.debian.tar.bz2 (36.9 KiB)
cpio_2.11+dfsg-1ubuntu1.2.dsc (1.9 KiB)
cpio_2.11+dfsg-1ubuntu1.2_amd64.deb (72.1 KiB)
cpio_2.11+dfsg-1ubuntu1.2_arm64.deb (61.3 KiB)
cpio_2.11+dfsg-1ubuntu1.2_armhf.deb (62.9 KiB)
cpio_2.11+dfsg-1ubuntu1.2_i386.deb (71.2 KiB)
cpio_2.11+dfsg-1ubuntu1.2_powerpc.deb (65.8 KiB)
cpio_2.11+dfsg-1ubuntu1.2_ppc64el.deb (82.5 KiB)
cpio_2.11+dfsg.orig.tar.xz (784.1 KiB)