-
cpio (2.11+dfsg-5ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Improper input validation
- debian/patches/CVE-2019-14866.patch: improve diagnostics,
remove to_oct_or_error, adding new macro in
src/copyout.c, src/extern.h, src/tar.c.
- CVE-2019-14866
-- <email address hidden> (Leonidas S. Barbosa) Tue, 05 Nov 2019 13:40:47 -0300
-
cpio (2.11+dfsg-5ubuntu1) xenial; urgency=medium
* Resynchronise with Debian. Remaining changes:
- Don't build a cpio-win32 package since mingw-w64 is in universe.
cpio (2.11+dfsg-5) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* CVE-2016-2037: 1-byte out-of-bounds write (Closes: #812401)
[ Jérémy Bobbio ]
* Make the package build reproducibly:
- Fix mtimes before building binary packages.
- Stop recording the current time when creating gzip files.
- Sort file list in md5sums.
Closes: #774426
[ Anibal Monsalve Salazar ]
* Standards-Version: 3.9.6
-- Marc Deslauriers <email address hidden> Thu, 18 Feb 2016 09:36:00 -0500
-
cpio (2.11+dfsg-4.1ubuntu1) vivid; urgency=medium
* Resynchronise with Debian. Remaining changes:
- Don't build a cpio-win32 package since mingw-w64 is in universe.
cpio (2.11+dfsg-4.1) unstable; urgency=medium
* Apply patch by Vitezslav Cizek of SuSE to fix CVE-2015-1197.
Upstream is dormant or no longer existing. To restore the old
behaviour use --extract-over-symlinks (Closes: #774669)
This issue has been discovered by Alexander Cherepanov.
-- Colin Watson <email address hidden> Sun, 08 Mar 2015 09:31:21 +0000