-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3445-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 04, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : cpio Version : 2.12+dfsg-9+deb10u1 CVE ID : CVE-2019-14866 CVE-2021-38185 Debian Bug : 941412 992045 Two vulnerabilities were fixed in GNU cpio, a program to manage archives of files. CVE-2019-14866 Improper validation of input files when generatingtar archives. CVE-2021-38185 Arbitrary code via crafted pattern file. For Debian 10 buster, these problems have been fixed in version 2.12+dfsg-9+deb10u1. We recommend that you upgrade your cpio packages. For the detailed security status of cpio please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cpio Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmR88CIACgkQiNJCh6LY mLFEnw//dJUPmrc9TF3gc0O8DcOf7y1dre2POsQzNm3NVBFsewVro5EM61s3pQAE dt6k3wY5fxEzlu63ul8/ADPhKDWFhmOY2lUznxG9svjC/yVFFeFQXPLc/PAyqsrm DezOIsi/WCCCtOLjrdeRera19urF9/lc70ANdIEgN4MmH1YG2tOk/c2Jd3SQMHpF 8RzYcPCCQB3+7YcMtei++WSxNaFT8ELWxIE6B6rDnpTps3whFQhDAfkNWmId+yUG 6UB6fO0HsqY3oRyEx4oatpYM+ua9xPDf6ydV3mIbOwV6TgcwjglVgeoP08Rzpwto w7dNQoM9WKrzPxXgB8hiRXzPPW70/vtQ7kd+J1ygDVhSl4QXEtPoTyva5eXb4KMR WWAbi0uG7nznI6iJ0Z/3egS3yY5Jh7s+BH14t74wnZ8zVp6HCO16Lpyyo48F30em CkBXxbpfzBFdRv1anK0GdIcB/Kt2poPYiCjZxvlyzvwMYwJfVnKEH5hwekbvxrnc EEEHiDRU2vIZs5vHikYQDWenTRqX7XnuzIvFJYV/lYKvtwPuUZS4cC+F1a3SDSZV OKmiCr+GLtjbngYQUZKasibYd3a6ePH89loOWA9e/jbkG2LpJwhy7e74SqrGsVLS qHzOeW5su6Nn+ETBIoZ6CRrsF5p5ZprAjofnOkS0lRjFh/pXw8c= =j8tT -----END PGP SIGNATURE-----