cpio 2.11+dfsg-1ubuntu1.2 source package in Ubuntu


cpio (2.11+dfsg-1ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: file overwrite via symlink attack
    - debian/patches/CVE-2015-1197.patch: don't write files over symlinks
      unless --extract-over-symlinks is used in doc/cpio.1, src/copyin.c,
      src/extern.h, src/global.c, src/main.c.
    - CVE-2015-1197
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2016-2037.patch: make sure there is at least two
      bytes available in src/copyin.c, added comment to src/util.c.
    - CVE-2016-2037
  * debian/patches/fix-symlink-test.patch: fix date-sensitive test.

 -- Marc Deslauriers <email address hidden>  Thu, 18 Feb 2016 09:15:43 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2016-02-18
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Trusty updates on 2016-02-22 main utils
Trusty security on 2016-02-22 main utils


File Size SHA-256 Checksum
cpio_2.11+dfsg.orig.tar.xz 784.1 KiB f3208df43692895e1ff84cb7625c6cc27b431c9a321fe414faed402b70660cd0
cpio_2.11+dfsg-1ubuntu1.2.debian.tar.bz2 36.9 KiB 409d5eb12ed0ae110a5473f8ccd168a352e6e1cdaafdc0a2c4fc20c618f3f81a
cpio_2.11+dfsg-1ubuntu1.2.dsc 1.9 KiB 25f24a9bad9beba0a482940079711d710872ec1f9e7a089a9a337109ca802bc2

View changes file

Binary packages built by this source

cpio: GNU cpio -- a program to manage archives of files

 GNU cpio is a tool for creating and extracting archives, or copying
 files from one place to another. It handles a number of cpio formats
 as well as reading and writing tar files.