non port: archivers/gcpio/files/patch-doc_cpio.1 |
Number of commits found: 4 |
Friday, 15 Nov 2019
|
22:47 naddy
Security update to 2.13:
* Fix CVE-2015-1197
* Fix CVE-2016-2037
* Fix CVE-2019-14866
* Remove --extract-over-symlinks option again, which was part of an earlier
third-party fix for CVE-2015-1197.
Security: f59af308-07f3-11ea-8c56-f8b156b6dcc8
|
Thursday, 17 Sep 2015
|
20:15 naddy
Update to 2.12, but retain local fix for CVE-2015-1197.
|
Tuesday, 31 Mar 2015
|
14:29 naddy
CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff.
CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker.
PR: 198954
Obtained from: Debian
|
Thursday, 25 Mar 2010
|
21:54 naddy
Initial import for GNU cpio 2.11.
GNU cpio copies files into or out of a cpio or tar archive. The
archive can be another file on the disk, a magnetic tape, or a pipe.
|
Number of commits found: 4 |