Information on source package cpio

Available versions

ReleaseVersion
stretch2.11+dfsg-6
buster2.12+dfsg-9
bullseye2.13+dfsg-4
sid2.13+dfsg-4

Open issues

BugstretchbusterbullseyesidDescription
CVE-2019-14866vulnerable (no DSA)vulnerable (no DSA)fixedfixedIn all versions of cpio before 2.13 does not properly validate input f ...

Resolved issues

BugDescription
CVE-2016-2037The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remo ...
CVE-2015-1197cpio 2.11, when using the --no-absolute-filenames option, allows local ...
CVE-2014-9112Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...
CVE-2010-0624Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...
CVE-2007-4476Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...
CVE-2005-4268Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...
CVE-2005-1229Directory traversal vulnerability in cpio 2.6 and earlier allows remot ...
CVE-2005-1111Race condition in cpio 2.6 and earlier allows local users to modify pe ...
CVE-1999-1572cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operat ...

Security announcements

DSA / DLADescription
DLA-1981-1cpio - security update
DSA-3483-1cpio - security update
DLA-415-1cpio - security update
DSA-3111-1cpio - security update
DLA-111-1cpio - security update
DSA-1566-1cpio - programming error
DSA-846-1cpio - several
DSA-664-1cpio - broken file permissions

Search for package or bug name: Reporting problems