-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 29 Sep 2005 10:22:52 -0400
Source: cpio
Binary: cpio
Architecture: source sparc
Version: 2.6-6
Distribution: unstable
Urgency: critical
Maintainer: Clint Adams <[EMAIL PROTECTED]>
Changed-By: Clint Adams <[EMAIL PROTECTED]>
Description:
 cpio - GNU cpio -- a program to manage archives of files
Closes: 305372 306693
Changes:
 cpio (2.6-6) unstable; urgency=critical
 .
   * Forward-port Martin Pitt's security patch from Ubuntu:
     - SECURITY UPDATE: Modify permissions of arbitrary files, path traversal.
     - copyin.c, copypass.c: Use fchmod() and fchown() before closing the
       output file instead of chmod() and chown() after closing it. This
       avoids exploiting this race condition with a hardlink attack to
       chmod/chown arbitrary files. [CAN-2005-1111]. closes: #305372.
     - copyin.c: Separate out path sanitizing to safer_name_suffix(): Apart
       from leading slashes, filter out ".." components from output file
       names if --no-absolute-filenames is given, to avoid path traversal.
       [CAN-2005-1229] closes: #306693.
Files:
 e1fb620aa56b17bfbe8f70876b3203a3 547 utils important cpio_2.6-6.dsc
 2be1de38e402b437d2837bccf8d45c2a 102926 utils important cpio_2.6-6.diff.gz
 cc3987982fb748d7929582a5c5d136f7 126126 utils important cpio_2.6-6_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Debian!

iD8DBQFDO/3Z5m0u66uWM3ARAoaAAJ9IUw1h5OJNWhyZotEwvI4llUWVBgCfftMJ
NsZ43q1jkoaausRC9t5S9qY=
=YrrY
-----END PGP SIGNATURE-----

Accepted:
cpio_2.6-6.diff.gz
  to pool/main/c/cpio/cpio_2.6-6.diff.gz
cpio_2.6-6.dsc
  to pool/main/c/cpio/cpio_2.6-6.dsc
cpio_2.6-6_sparc.deb
  to pool/main/c/cpio/cpio_2.6-6_sparc.deb
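
The first fix in the changelog above (set mode and owner on the open descriptor before close(), not on the path after it), shown as an added C example; it is not cpio's code or the Ubuntu patch. The names extract_file, swap_path and demo are hypothetical, and swap_path is a constructed stand-in for the output file's name pointing at a different file while extraction is still in progress.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char moved[4200];   /* where swap_path() parks the file we wrote */

/* Constructed test hook: while the output file is still open, its name is
   re-pointed at a different file that has mode 0600. */
static void swap_path(const char *path)
{
    snprintf(moved, sizeof moved, "%s.orig", path);
    if (rename(path, moved) != 0) return;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
}

/* Create path, write data, then apply owner and mode through the descriptor.
   fchown()/fchmod() act on the inode we opened, so a changed path name
   cannot redirect them. Returns 0 on success, -1 on error. */
int extract_file(const char *path, const char *data, size_t len, mode_t mode,
                 uid_t uid, gid_t gid, void (*hook)(const char *))
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len;
    if (hook) hook(path);                    /* the path may change here */
    ok = ok && fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Returns 0 when mode 0644 landed on the file we wrote and the file now
   sitting at the original name kept its own mode 0600. */
int demo(void)
{
    char dir[] = "/tmp/fchmod-demo-XXXXXX", path[4096];
    struct stat at_name, written;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/out", dir);
    if (extract_file(path, "payload", 7, 0644, getuid(), getgid(), swap_path)) return -1;
    if (stat(path, &at_name) || stat(moved, &written)) return -1;
    unlink(path); unlink(moved); rmdir(dir);
    return ((written.st_mode & 0777) == 0644 && (at_name.st_mode & 0777) == 0600) ? 0 : 1;
}

int main(void) { int r = demo(); printf("demo: %d\n", r); return r; }
```

A chmod(path, 0644) issued after close() would instead have resolved the name again and changed the 0600 file now sitting there.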