Source: cpio Version: 2.11-4 Severity: important Tags: security upstream Hi!
See http://seclists.org/oss-sec/2016/q1/440 for reproducers (isses can be uncovered if compiled with ASAN). There is no CVE assigned yet for those, and as well I think no patch from upstream. Regards, Salvatore
