Hi, On Thu, Dec 21, 2023 at 05:28:51PM +0100, Ingo Brückl wrote: > Hi, > > neither buster nor buster (security) is affected by bug #1059163. > > Thanks to debian/patches/CVE-2015-1197.patch, Debian cpio 2.12 isn't > vulnerable. Thanks, I have adjusted the security-tracker entry. Regards, Salvatore