
Re: CVE-2019-14866

Hi Sergey

I can see that the fix is quite different from the one Thomas proposed. Do I understand correctly that this fix goes around the problem in a different way? I do not see any explicit value > 0 check. Instead it looks like the fix allows larger file sizes instead of telling that they are not ok. Is that correct?

// Ola

On Mon, 4 Nov 2019 at 15:34, Sergey Poznyakoff <gray@gnu.org.ua> wrote:
Hi Ola & Thomas,

> I have been preparing fixes for CVE-2019-14866 for Debian oldstable

Thank you.  The issue has been fixed in commit 7554e3e4 [1].


[1] http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
