CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2015/03/31 09:36:52
Modified files:
archivers/gcpio: Makefile
archivers/gcpio/patches: patch-doc_cpio_1
Added files:
archivers/gcpio/patches: patch-src_copyin_c patch-src_extern_h
patch-src_global_c patch-src_main_c
patch-src_util_c
patch-tests_setstat01_at
patch-tests_setstat02_at
Removed files:
archivers/gcpio/patches: patch-src_makepath_c
Log message:
CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff, via Debian.
CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker, via Debian.
Also apply an upstream fix for some regression tests while here.
