Package: cpio
Version: 2.6-9
Severity: important
Tags: security
Justification: user security hole

For very large archives the ASCII representation of the file size may exceed eight bytes and trigger a buffer overflow. Please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669 for details and upstream's patch.

This affects oldstable and stable as well.

This is CVE-2005-4268, please mention it in the changelog when fixing this.

Cheers,
Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages cpio depends on:
ii  libc6  2.3.5-8.1  GNU C Library: Shared libraries an

cpio recommends no packages.

-- no debconf information
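
The failure mode described in the report, shown as an added example (not code from cpio or from upstream's patch): a size value whose ASCII form outgrows a fixed eight-character field, and a formatter that rejects it instead of writing past the field. The hexadecimal encoding and the names `SIZE_FIELD_WIDTH`, `chars_needed` and `format_size_field` are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed field width, from the report's "eight bytes" (hex encoding assumed). */
#define SIZE_FIELD_WIDTH 8

/* Number of characters "%08" PRIx64 produces for this size (no NUL).
 * This is how much an unchecked sprintf() would write into the field. */
static int chars_needed(uint64_t size)
{
    return snprintf(NULL, 0, "%08" PRIx64, size);
}

/* Hardened formatter: writes exactly SIZE_FIELD_WIDTH characters into
 * field (not NUL-terminated), or returns -1 and leaves field untouched
 * when the value does not fit. */
static int format_size_field(char field[SIZE_FIELD_WIDTH], uint64_t size)
{
    char tmp[SIZE_FIELD_WIDTH + 1];              /* room for the NUL */
    int n = snprintf(tmp, sizeof tmp, "%08" PRIx64, size);

    if (n < 0 || n > SIZE_FIELD_WIDTH)           /* output was truncated */
        return -1;
    memcpy(field, tmp, SIZE_FIELD_WIDTH);
    return 0;
}

int main(void)
{
    /* Constructed sample sizes: the last one is 4 GiB, one past the limit. */
    const uint64_t samples[] = { 0, 4096, UINT64_C(0xFFFFFFFF),
                                 UINT64_C(0x100000000) };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char field[SIZE_FIELD_WIDTH];
        int rc = format_size_field(field, samples[i]);

        printf("size=%" PRIu64 " needs %d chars: ",
               samples[i], chars_needed(samples[i]));
        if (rc == 0)
            printf("%.*s\n", SIZE_FIELD_WIDTH, field);
        else
            printf("rejected, does not fit the field\n");
    }
    return 0;
}
```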

