Hi! In Fedora/RHEL, both cpio 2.6 and 2.9 versions were affected. You may want to check:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-4476 http://koji.fedoraproject.org/koji/packageinfo?packageID=637 http://cvs.fedora.redhat.com/viewcvs/rpms/cpio/F-8/ for patches that were used in Fedora cpio packages. Also note that cpio 2.9 seems to assume --absolute-filenames by default. HTH -- Tomas Hoger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]