tag 306693 patch
tag 305372 patch
thanks

Hi!

I finally got some time to fix these issues:

http://patches.ubuntu.com/patches/cpio.CAN-2005-1111_1229.diff

In case it is useful for a DSA, here is the USN text:

| Imran Ghory found a race condition in the handling of output files.
| While a file was unpacked with cpio, a local attacker with write
| permissions to the target directory could exploit this to change the
| permissions of arbitrary files of the cpio user. (CAN-2005-1111)
|
| Imran Ghory discovered a path traversal vulnerability. Even when the
| --no-absolute-filenames option was specified, cpio did not filter out
| ".." path components. By tricking a user into unpacking a malicious
| cpio archive, this could be exploited to install files in arbitrary
| paths with the privileges of the user calling cpio. (CAN-2005-1229)

Have a nice day,

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
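An added example, not part of the original message and not the actual cpio patch: one way an extractor can apply the check described for CAN-2005-1229, stripping leading slashes and rejecting any member name that contains a ".." path component. The function names and the sample names in main() are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from cpio): true if any '/'-separated component
 * of name is exactly "..". Names such as "..rc" or "a..b" are ordinary file
 * names, so a plain substring search for ".." would be wrong. */
bool has_dotdot_component(const char *name)
{
    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
        while (*p == '/')                  /* skip one or more separators */
            p++;
    }
    return false;
}

/* Hypothetical helper: returns the relative name to extract to, or NULL if
 * the member must be skipped. Leading slashes are dropped first (the effect
 * --no-absolute-filenames is meant to have), then ".." is checked on what
 * remains, so "/../x" is rejected as well. */
const char *safe_member_name(const char *name)
{
    while (*name == '/')
        name++;
    if (*name == '\0' || has_dotdot_component(name))
        return NULL;
    return name;
}

int main(void)
{
    /* Constructed sample member names, not taken from a real archive. */
    const char *samples[] = { "/etc/passwd", "../../etc/passwd",
                              "docs/../../x", "docs/..rc", "a/.." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *out = safe_member_name(samples[i]);
        printf("%-20s -> %s\n", samples[i], out ? out : "(skipped)");
    }
    return 0;
}
```

A name check of this kind does not address the separate race condition (CAN-2005-1111), which concerns how permissions are applied to output files during unpacking.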