
Accepted cpio 2.6-6 (source sparc)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 29 Sep 2005 10:22:52 -0400
Source: cpio
Binary: cpio
Architecture: source sparc
Version: 2.6-6
Distribution: unstable
Urgency: critical
Maintainer: Clint Adams <schizo@debian.org>
Changed-By: Clint Adams <schizo@debian.org>
Description: 
 cpio       - GNU cpio -- a program to manage archives of files
Closes: 305372 306693
Changes: 
 cpio (2.6-6) unstable; urgency=critical
 .
    * Forward-port Martin Pitt's security patch from Ubuntu:
    - SECURITY UPDATE: Modify permissions of arbitrary files, path traversal.
    - copyin.c, copypass.c: Use fchmod() and fchown() before closing the output
      file instead of chmod() and chown() after closing it. This avoids
      exploiting this race condition with a hardlink attack to chmod/chown
      arbitrary files. [CAN-2005-1111].  closes: #305372.
    - copyin.c: Separate out path sanitizing to safer_name_suffix(): Apart from
      leading slashes, filter out ".." components from output file names if
      --no-absolute-filenames is given, to avoid path traversal.  [CAN-2005-1229]
      closes: #306693.
Files: 
 e1fb620aa56b17bfbe8f70876b3203a3 547 utils important cpio_2.6-6.dsc
 2be1de38e402b437d2837bccf8d45c2a 102926 utils important cpio_2.6-6.diff.gz
 cc3987982fb748d7929582a5c5d136f7 126126 utils important cpio_2.6-6_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Debian!

iD8DBQFDO/3Z5m0u66uWM3ARAoaAAJ9IUw1h5OJNWhyZotEwvI4llUWVBgCfftMJ
NsZ43q1jkoaausRC9t5S9qY=
=YrrY
-----END PGP SIGNATURE-----


Accepted:
cpio_2.6-6.diff.gz
  to pool/main/c/cpio/cpio_2.6-6.diff.gz
cpio_2.6-6.dsc
  to pool/main/c/cpio/cpio_2.6-6.dsc
cpio_2.6-6_sparc.deb
  to pool/main/c/cpio/cpio_2.6-6_sparc.deb
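
The changelog's second item (CAN-2005-1229) describes filtering leading slashes and ".." components out of member names before extraction. The following is an added example of that kind of filter, not the code from the cpio patch: sanitize_member_name() is a hypothetical helper and the member names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not cpio's safer_name_suffix): rewrite an archive
   member name in place so that it cannot name a path above the extraction
   directory. Leading and repeated slashes are dropped and every component
   that is exactly ".." is removed. */
static char *sanitize_member_name(char *name)
{
    char *src = name, *dst = name;

    while (*src) {
        size_t len;
        while (*src == '/')            /* skip leading or repeated slashes */
            src++;
        len = strcspn(src, "/");       /* length of the next component */
        if (len == 0)
            break;                     /* trailing slash, nothing left */
        if (!(len == 2 && src[0] == '.' && src[1] == '.')) {
            if (dst != name)
                *dst++ = '/';          /* dst never passes src here */
            memmove(dst, src, len);    /* regions may overlap */
            dst += len;
        }
        src += len;
    }
    if (dst == name && src != name)    /* everything was filtered out */
        *dst++ = '.';
    *dst = '\0';
    return name;
}

int main(void)
{
    /* Constructed member names, not taken from a real archive. */
    char names[][24] = { "/etc/passwd", "../../etc/shadow", "a/../../b" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%s\n", sanitize_member_name(names[i]));
    return 0;
}
```

A name filter like this does not cover symlinks that already exist inside the extraction directory; that is a separate check.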


