On Fri, 2014-12-12 10:41:50 +0100, Salvatore Bonaccorso wrote: > Hi, > > On Thu, Dec 11, 2014 at 07:15:17AM +0100, Moritz Muehlenhoff wrote: >> Package: cpio >> Severity: grave >> Tags: security >> >> Hi, >> please see http://seclists.org/fulldisclosure/2014/Nov/74 >> for the original report. >> >> Patches: >> http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 >> http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a >> http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b > > There seem to be additional issues with the fix for i386: > https://bugzilla.redhat.com/show_bug.cgi?id=1167571#c9 (not verified > by myself, just noticed in Red Hat's Bugzilla). > > Regards, > Salvatore
Dear debian-devel, I uploaded cpio 2.11+dfsg-3 to experimental with the upstream patches listed above. Please test it. It didn't segfault when I run it on amd64 as reported in Red Hat's Bugzilla. Thank you, Aníbal
signature.asc
Description: Digital signature