Package "cpio"

Name:	cpio
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: GNU cpio -- a program to manage archives of files (win32 build)
Latest version:	2.13+dfsg-7.1ubuntu0.1
Release:	mantic (23.10)
Level:	updates
Repository:	universe

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "cpio" in Mantic

Repository	Area	Version
base	universe	2.13+dfsg-7.1
base	main	2.13+dfsg-7.1
security	main	2.13+dfsg-7.1ubuntu0.1
security	universe	2.13+dfsg-7.1ubuntu0.1
updates	main	2.13+dfsg-7.1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.

cpio-win32

Changelog

Version: 2.13+dfsg-7.1ubuntu0.1 2024-04-29 13:07:04 UTC

cpio (2.13+dfsg-7.1ubuntu0.1) mantic-security; urgency=medium * SECURITY UPDATE: Path traversal vulnerability - debian/patches/CVE-2023-7207.patch: Create symlink placeholder if --no-absolute-filenames was given and replace placeholders after extraction. - debian/patches/revert-CVE-2015-1197-handling.patch: Removed. - CVE-2023-7207 -- Fabian Toepfer <email address hidden> Sun, 28 Apr 2024 14:32:00 +0200

CVE-2023-7207	Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in
CVE-2015-1197	cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive

About - Send Feedback to @ubuntu_updates

Package "cpio"

Links

Other versions of "cpio" in Mantic

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

security

updates

PPA updates