Hi Thank you. I have concluded that the patch only works on amd64, not on i386.
I'll contact the maintainer. // Ola On Sun, 3 Nov 2019 at 18:03, Sylvain Beucler <[email protected]> wrote: > Hi, > > On 29/10/2019 23:12, Ola Lundqvist wrote: > > Hi LTS contributors > > > > I have built a cpio package with CVE-2019-14866 corrected. > > According to my testing it is no longer possible to reproduce the > > problem reported in this CVE. > > > > You can find the packages I have produced here: > > http://apt.inguza.net/jessie-security/cpio > > > > The (so far rather limited) testing I have done can be found in > > README.testresult > > How to reproduce the problem can be found in the patch. It is easy to > > reproduce the problem on both jessie and wheezy. > > > > The debdiff is found in cpio.debdiff. > > > > Since cpio is a rather crucial package I would like some more people > > to test this package. At least for regression. > > I got contacted by cpio maintainer Sergey Poznyakoff <[email protected]> > who told me he was in process of fixing it. > > You could coordinate with him and/or watch the upstream git repo for a > sanctioned patch, which should help with your testing requirements :) > > Cheers! > Sylvain > > -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
