[ubuntu/impish-proposed] cpio 2.13+dfsg-4ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Aug 23 12:16:12 UTC 2021 

cpio (2.13+dfsg-4ubuntu4) impish; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via crafted pattern file
    - debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
      in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
      src/dstring.h, src/util.c.
    - debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
      in src/dstring.c.
    - debian/patches/CVE-2021-38185.3.patch: fix dynamic string
      reallocations in src/dstring.c.
    - CVE-2021-38185

Date: Mon, 23 Aug 2021 07:56:42 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-4ubuntu4
-------------- next part --------------
Format: 1.8
Date: Mon, 23 Aug 2021 07:56:42 -0400
Source: cpio
Built-For-Profiles: noudeb
Architecture: source
Version: 2.13+dfsg-4ubuntu4
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 cpio (2.13+dfsg-4ubuntu4) impish; urgency=medium
 .
   * SECURITY UPDATE: arbitrary code execution via crafted pattern file
     - debian/patches/CVE-2021-38185.patch: rewrite dynamic string support
       in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
       src/dstring.h, src/util.c.
     - debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop
       in src/dstring.c.
     - debian/patches/CVE-2021-38185.3.patch: fix dynamic string
       reallocations in src/dstring.c.
     - CVE-2021-38185
Checksums-Sha1:
 ae2989ac66a948a40e811dab35bf96708eabca63 2121 cpio_2.13+dfsg-4ubuntu4.dsc
 8c5b7ee9658a126b29b6bc0fbde8c09a0b0e6bb0 36424 cpio_2.13+dfsg-4ubuntu4.debian.tar.xz
 13125911338f7ffbb5e853e0d8ffdd0f12c5d2c3 5695 cpio_2.13+dfsg-4ubuntu4_source.buildinfo
Checksums-Sha256:
 11cae9fbc9d6bc977144d07f4a2589ebbdda55290b3a2fea5fdd550292c732f3 2121 cpio_2.13+dfsg-4ubuntu4.dsc
 e2d49053f1e5f5c9f9b0825e3244b0c54be70dece280d16ac301ecff09141224 36424 cpio_2.13+dfsg-4ubuntu4.debian.tar.xz
 4215f847c385542eb123f9cecde3ef13b91469f5116e821fa8442e255250cf8e 5695 cpio_2.13+dfsg-4ubuntu4_source.buildinfo
Files:
 0cc75a2842efcaf014b03d373a949b2c 2121 utils important cpio_2.13+dfsg-4ubuntu4.dsc
 1c3da55f19a04946cb65dd89e91e91f1 36424 utils important cpio_2.13+dfsg-4ubuntu4.debian.tar.xz
 2b6a1fd94ebbe1ae0c8c1f9833f498f3 5695 utils important cpio_2.13+dfsg-4ubuntu4_source.buildinfo
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>

More information about the impish-changes mailing list