Accepted cpio 2.5-1.2ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Thu Sep 29 05:10:03 CDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 29 Sep 2005 12:04:52 +0200
Source: cpio
Binary: cpio
Architecture: source
Version: 2.5-1.2ubuntu1
Distribution: breezy
Urgency: low
Maintainer: Brian Mays <brian at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
cpio - GNU cpio -- a program to manage archives of files.
Changes:
cpio (2.5-1.2ubuntu1) breezy; urgency=low
.
* SECURITY UPDATE: Modify permissions of arbitrary files, path traversal.
* copyin.c, copypass.c: Use fchmod() and fchown() before closing the output
file instead of chmod() and chown() after closing it. This avoids
exploiting this race condition with a hardlink attach to chmod/chown
arbitrary files. [CAN-2005-1111]
* copyin.c: Separate out path sanitizing to safer_name_suffix(): Apart from
leading slashes, filter out ".." components from output file names if
--no-absolute-filenames is given, to avoid path traversal. [CAN-2005-1229]
Files:
d61689baa13320d077f9d6bd966b4a4e 547 utils important cpio_2.5-1.2ubuntu1.dsc
2db6ae750c336f9d0dc5f4157ed36f5a 27422 utils important cpio_2.5-1.2ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDO7y2DecnbV4Fd/IRAku1AJ4k+3LuihRriBLap7lArym5JzXdaACg93GY
Y8pWhUM8GqychVdZtKQ2LsQ=
=Bnqj
-----END PGP SIGNATURE-----
Accepted:
cpio_2.5-1.2ubuntu1.diff.gz
to pool/main/c/cpio/cpio_2.5-1.2ubuntu1.diff.gz
cpio_2.5-1.2ubuntu1.dsc
to pool/main/c/cpio/cpio_2.5-1.2ubuntu1.dsc
More information about the breezy-changes
mailing list