Ubuntu
cpio package

cpio 2.13+dfsg-4ubuntu0.3 source package in Ubuntu

Changelog

cpio (2.13+dfsg-4ubuntu0.3) hirsute-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via crafted pattern file
    - debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
      in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
      src/dstring.h, src/util.c.
    - debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
      in src/dstring.c.
    - debian/patches/CVE-2021-38185.3.patch: fix dynamic string
      reallocations in src/dstring.c.
    - CVE-2021-38185

 -- Marc Deslauriers <email address hidden>  Wed, 25 Aug 2021 06:50:47 -0400

Upload details

Uploaded by:: Marc Deslauriers on 2021-08-25

Uploaded to:: Hirsute

Original maintainer:: Ubuntu Developers

Architectures:: any all

Section:: utils

Urgency:: Medium Urgency

See full publishing history Publishing

Series	Pocket	Published	Component	Section

Builds

Hirsute: amd64 arm64 armhf i386 ppc64el riscv64 s390x

Downloads

File	Size	SHA-256 Checksum
cpio_2.13+dfsg.orig.tar.bz2	1.3 MiB	fd1e6fb3c683bf82ae0db237af87376c6a376d1f6bf6564c9b335785e76106a9
cpio_2.13+dfsg-4ubuntu0.3.debian.tar.xz	35.5 KiB	aaf08d7f42567cea142b4be08b8294397895993cca9d93d9ded004f929b65fef
cpio_2.13+dfsg-4ubuntu0.3.dsc	2.1 KiB	c0bd07cc19cc4424d97e8dfd3c2853e9cc906a9ad0a17ec066c4b70d21167334

Available diffs

diff from 2.13+dfsg-4ubuntu0.2 to 2.13+dfsg-4ubuntu0.3 (1.4 KiB)

View changes file

Binary packages built by this source

cpio: No summary available for cpio in ubuntu hirsute.: No description available for cpio in ubuntu hirsute.

cpio-win32: No summary available for cpio-win32 in ubuntu hirsute.: No description available for cpio-win32 in ubuntu hirsute.

Ubuntucpio package

cpio 2.13+dfsg-4ubuntu0.3 source package in Ubuntu

Changelog

Upload details

See full publishing history Publishing

Builds

Downloads

Available diffs

Binary packages built by this source

Ubuntu
cpio package