Ubuntu
cpio package

cpio 2.13+dfsg-4ubuntu4 source package in Ubuntu

Changelog

cpio (2.13+dfsg-4ubuntu4) impish; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via crafted pattern file
    - debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
      in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
      src/dstring.h, src/util.c.
    - debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
      in src/dstring.c.
    - debian/patches/CVE-2021-38185.3.patch: fix dynamic string
      reallocations in src/dstring.c.
    - CVE-2021-38185

 -- Marc Deslauriers <email address hidden>  Mon, 23 Aug 2021 07:56:42 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Impish
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
cpio_2.13+dfsg.orig.tar.bz2 1.3 MiB fd1e6fb3c683bf82ae0db237af87376c6a376d1f6bf6564c9b335785e76106a9
cpio_2.13+dfsg-4ubuntu4.debian.tar.xz 35.6 KiB e2d49053f1e5f5c9f9b0825e3244b0c54be70dece280d16ac301ecff09141224
cpio_2.13+dfsg-4ubuntu4.dsc 2.1 KiB 11cae9fbc9d6bc977144d07f4a2589ebbdda55290b3a2fea5fdd550292c732f3

View changes file

Binary packages built by this source

cpio: No summary available for cpio in ubuntu impish.

No description available for cpio in ubuntu impish.

cpio-win32: No summary available for cpio-win32 in ubuntu impish.

No description available for cpio-win32 in ubuntu impish.