On Wed, 2023-12-20 19:55:30 +0100, Ingo Brückl wrote: > Package: cpio > Version: 2.13+dfsg-7.1 > Severity: grave > > The patch "revert-CVE-2015-1197-handling" (to close bugs #946267 and #946469) > re-enables path traversal vulnerability with maliciously crafted cpio > archives.
Hello Ingo, I have been working on a new Debian version of cpio for the last couple of days. I hope to upload it today. I will appreciate it very much if you could give it a try after uploading it. Thank you for your previous messages related to this security vulnerability. I will send those messages to Salvatore. Kind regards, Aníbal