Package: cpio
Version: 2.9-4
Severity: important
Tags: security

Hi

The following CVE[0] was issued for tar, but it seems that cpio is also
affected.

CVE-2007-4476:

Buffer overflow in the safer_name_suffix function in GNU tar has
unspecified attack vectors and impact, resulting in a "crashing stack."

You can find a patch in the tar bug report[1]. The code in question can
be found in lib/paxnames.c.

When you fix this, please mention the CVE id in your changelog.
Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476

[1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444


