cpio 2.11-7ubuntu3.2 source package in Ubuntu


cpio (2.11-7ubuntu3.2) precise-security; urgency=medium

  * SECURITY UPDATE: file overwrite via symlink attack
    - debian/patches/CVE-2015-1197.patch: don't write files over symlinks
      unless --extract-over-symlinks is used in doc/cpio.1, src/copyin.c,
      src/extern.h, src/global.c, src/main.c.
    - CVE-2015-1197
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2016-2037.patch: make sure there is at least two
      bytes available in src/copyin.c, added comment to src/util.c.
    - CVE-2016-2037
  * debian/patches/fix-symlink-test.patch: fix date-sensitive test.

 -- Marc Deslauriers <email address hidden>  Thu, 18 Feb 2016 09:19:26 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
cpio_2.11.orig.tar.gz 1.3 MiB 58b8f22f34c905d5fbf320f5abb691b1880661f06a78e93058c57060c64a18b6
cpio_2.11-7ubuntu3.2.debian.tar.gz 37.9 KiB 30b3c732a784e6cc05f124bb9f9110029e27354fa9d7baf3a450da7de5805844
cpio_2.11-7ubuntu3.2.dsc 1.9 KiB d244022471f22a178374ae2a2a2e06ae03028f6be127cd7ba964399bd66b05a4

View changes file

Binary packages built by this source

cpio: GNU cpio -- a program to manage archives of files

 GNU cpio is a tool for creating and extracting archives, or copying
 files from one place to another. It handles a number of cpio formats
 as well as reading and writing tar files.