-
cpio (2.13+dfsg-4ubuntu4) impish; urgency=medium
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
src/dstring.h, src/util.c.
- debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
in src/dstring.c.
- debian/patches/CVE-2021-38185.3.patch: fix dynamic string
reallocations in src/dstring.c.
- CVE-2021-38185
-- Marc Deslauriers <email address hidden> Mon, 23 Aug 2021 07:56:42 -0400
-
cpio (2.13+dfsg-4ubuntu3) impish; urgency=medium
* Back out CVE-2021-381185 patches for now as they appear to be causing a
regression when building the kernel
- debian/patches/CVE-2021-38185.patch: disabled
- debian/patches/CVE-2021-38185.2.patch: disabled
-- Marc Deslauriers <email address hidden> Mon, 16 Aug 2021 12:34:15 -0400
-
cpio (2.13+dfsg-4ubuntu2) impish; urgency=medium
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
in src/dstring.c.
- CVE-2021-38185
-- Juerg Haefliger <email address hidden> Mon, 16 Aug 2021 09:19:47 +0000
-
cpio (2.13+dfsg-4ubuntu1) impish; urgency=medium
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
src/dstring.h, src/util.c.
- CVE-2021-38185
-- Marc Deslauriers <email address hidden> Mon, 09 Aug 2021 13:39:44 -0400
-
cpio (2.13+dfsg-4) unstable; urgency=medium
* Source only upload to enable migration.
Closes: #969660
-- Anibal Monsalve Salazar <email address hidden> Thu, 17 Sep 2020 21:16:18 +1000
