diff -Nru /tmp/oA6cIQXtxQ/cpio-2.6/debian/changelog /tmp/Bxk3XZLbH7/cpio-2.6/debian/changelog
--- /tmp/oA6cIQXtxQ/cpio-2.6/debian/changelog	2007-11-09 14:37:16.000000000 +0100
+++ /tmp/Bxk3XZLbH7/cpio-2.6/debian/changelog	2007-11-09 14:37:17.000000000 +0100
@@ -1,3 +1,15 @@
+cpio (2.6-17ubuntu0.6.10.1) edgy-security; urgency=low
+
+  * SECURITY UPDATE: Buffer overflow in the safer_name_suffix function in GNU tar has
+    unspecified attack vectors and impact, resulting in a "crashing stack."
+  * src/copyin.c: added patch from RedHat (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-4476)
+    to prevent this to happen (LP: #161173)
+  * References: 
+    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-4476
+    CVE-2007-4476 
+
+ -- Stephan Hermann <sh@sourcecode.de>  Fri, 09 Nov 2007 14:15:33 +0100
+
 cpio (2.6-17) unstable; urgency=high
 
   * Fix setlocale glitch.  closes: #381348.
diff -Nru /tmp/oA6cIQXtxQ/cpio-2.6/src/copyin.c /tmp/Bxk3XZLbH7/cpio-2.6/src/copyin.c
--- /tmp/oA6cIQXtxQ/cpio-2.6/src/copyin.c	2007-11-09 14:37:16.000000000 +0100
+++ /tmp/Bxk3XZLbH7/cpio-2.6/src/copyin.c	2007-11-09 14:37:17.000000000 +0100
@@ -1365,11 +1365,12 @@
 
   if (prefix_len)
     {
-      char *prefix = alloca (prefix_len + 1);
+      char *prefix = xmalloc (prefix_len + 1);
       memcpy (prefix, file_name, prefix_len);
       prefix[prefix_len] = '\0';
 
       error (0, 0, ("Removing leading `%s' from member names"), prefix);
+      free(prefix);
     }
 
   if (!*p)