Bug#812401: cpio: CVE-2016-2037: out-of-bounds write

2016-02-12 Thread Salvatore Bonaccorso
Control: tags -1 + patch

Hi,

On Sat, Jan 23, 2016 at 12:24:48PM +0100, Salvatore Bonaccorso wrote:
> Source: cpio
> Version: 2.11-4
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for cpio.
>
> CVE-2016-2037[0]:
> out-of-bounds write with

Bug#812401: cpio: CVE-2016-2037: out-of-bounds write

2016-02-12 Thread Salvatore Bonaccorso
Hi, And the proposed debdiff attached. Regards, Salvatore diff -Nru cpio-2.11+dfsg/debian/changelog cpio-2.11+dfsg/debian/changelog --- cpio-2.11+dfsg/debian/changelog 2015-03-05 11:47:10.0 +0100 +++ cpio-2.11+dfsg/debian/changelog 2016-02-12 17:31:20.0 +0100 @@ -1,3

Bug#812401: cpio: CVE-2016-2037: out-of-bounds write

2016-01-29 Thread Salvatore Bonaccorso
Hi,

On Fri, Jan 29, 2016 at 03:55:09PM -0500, anarcat wrote:
> I can't actually reproduce with the test case provided on oss-security:
>
> (gdb) run -i < ../overflow.cpio
> Starting program: /bin/cpio -i < ../overflow.cpio
> [Thread debugging using libthread_db enabled]
> Using host libthread_db

Bug#812401: cpio: CVE-2016-2037: out-of-bounds write

2016-01-29 Thread anarcat
I can't actually reproduce with the test case provided on oss-security:

(gdb) run -i < ../overflow.cpio
Starting program: /bin/cpio -i < ../overflow.cpio
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
/bin/cpio: Malformed

Bug#812401: cpio: CVE-2016-2037: out-of-bounds write

2016-01-23 Thread Salvatore Bonaccorso
Source: cpio
Version: 2.11-4
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for cpio.

CVE-2016-2037[0]:
out-of-bounds write with cpio 2.11

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in