Hi again
The new patch can be found here:
http://apt.inguza.net/wheezy-security/cpio/CVE-2019-14866.patch
It is not perfectly properly documented since it refers to a commit that do
not contain it all. But I think you get the point anyway.
// Ola
On Mon, 4 Nov 2019 at 08:10, Ola Lundqvist
Hi Sergey, Thomas and cpio Debian maintainers
I have been preparing fixes for CVE-2019-14866 for Debian oldstable and
oldoldstable. While doing that I realized that the patch mentioned here (1)
do work for amd64 but do not work for i386.
I was able to build on both amd64 and i386 but the fix
Hi
Thank you. I have concluded that the patch only works on amd64, not on i386.
I'll contact the maintainer.
// Ola
On Sun, 3 Nov 2019 at 18:03, Sylvain Beucler wrote:
> Hi,
>
> On 29/10/2019 23:12, Ola Lundqvist wrote:
> > Hi LTS contributors
> >
> > I have built a cpio package with
hi,
today I unclaimed for LTS:
-ampache (Roberto C. Sánchez)
-thunderbird (Emilio)
and none for eLTS.
--
tschau,
Holger
---
holger@(debian|reproducible-builds|layer-acht).org
PGP
Hi,
On 29/10/2019 23:12, Ola Lundqvist wrote:
> Hi LTS contributors
>
> I have built a cpio package with CVE-2019-14866 corrected.
> According to my testing it is no longer possible to reproduce the
> problem reported in this CVE.
>
> You can find the packages I have produced here:
>
I uploaded a snapshot of the jessie-security branch of linux, with the
version 3.16.76-1~git20191101.154b211, to people.debian.org:
https://people.debian.org/~benh/packages/jessie-security/
There are source and binaries for amd64 and i386, along with a signed
.changes file.
Let me know if you