Sync cpio 2.13+dfsg-7 (main) from Debian sid (main)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cpio (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
affects ubuntu/cpio
status new
importance wishlist
subscribe ubuntu-sponsors
done
Please sync cpio 2.13+dfsg-7 (main) from Debian sid (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/
in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
src/
- debian/
in src/dstring.c.
- debian/
reallocations in src/dstring.c.
- CVE-2021-38185
* Back out CVE-2021-381185 patches for now as they appear to be causing a
regression when building the kernel
- debian/
- debian/
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/
in src/dstring.c.
- CVE-2021-38185
* SECURITY UPDATE: arbitrary code execution via crafted pattern file
- debian/
in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c,
src/
- CVE-2021-38185
The code changes by the patch series in Ubuntu and Debian are the same.
The patches are just named differently:
d/992045-
d/992098-
d/992192-
This bug was fixed in the package cpio - 2.13+dfsg-7
Sponsored for Heinrich Schuchardt (xypron)
---------------
cpio (2.13+dfsg-7) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* Fix dynamic string reallocations (Closes: #992192)
-- Anibal Monsalve Salazar <email address hidden> Sun, 22 Aug 2021 15:21:53 +1000
cpio (2.13+dfsg-6) unstable; urgency=high
* Fix regression of original fix for CVE-2021-38185 regression-of-orig-fix-for-CVE-2021-38185
Add patch 992098-
Closes: #992098
-- Anibal Monsalve Salazar <email address hidden> Fri, 13 Aug 2021 13:06:27 +1000
cpio (2.13+dfsg-5) unstable; urgency=medium
* Fix CVE-2021-38185 CVE-2021-38185-rewrite-dynamic-string-support
Add patch 992045-
Closes: #992045
-- Anibal Monsalve Salazar <email address hidden> Wed, 11 Aug 2021 01:18:33 +1000