-
cpio (2.11+dfsg-1ubuntu1.2) trusty-security; urgency=medium
* SECURITY UPDATE: file overwrite via symlink attack
- debian/patches/CVE-2015-1197.patch: don't write files over symlinks
unless --extract-over-symlinks is used in doc/cpio.1, src/copyin.c,
src/extern.h, src/global.c, src/main.c.
- CVE-2015-1197
* SECURITY UPDATE: out-of-bounds write
- debian/patches/CVE-2016-2037.patch: make sure there is at least two
bytes available in src/copyin.c, added comment to src/util.c.
- CVE-2016-2037
* debian/patches/fix-symlink-test.patch: fix date-sensitive test.
-- Marc Deslauriers <email address hidden> Thu, 18 Feb 2016 09:15:43 -0500
-
cpio (2.11+dfsg-1ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: out of bounds write and other range issues
- debian/patches/cpio-CVE-2014-9112.patch
- debian/patches/cpio-CVE-2014-9112-testsuite.patch: regenerate
testsuite to incorporate tests from previous patch
- CVE-2014-9112
-- Steve Beattie <email address hidden> Wed, 07 Jan 2015 11:31:48 -0800
-
cpio (2.11+dfsg-1ubuntu1) saucy; urgency=low
* Resynchronise with Debian. Remaining changes:
- Don't build a cpio-win32 package since mingw32 is in universe.
cpio (2.11+dfsg-1) unstable; urgency=low
* Standards Version is 3.9.4
* Remove reference to texinfo documntation in cpio man page
Update debian/patches/695717-no-cpio.info.patch
Closes: #695717
* Build depends on autotools-dev
Autoconf update for arm64 building
Drop debian/patches/autoconfupdate.patch
Closes: #689612
* Update debian/watch
-- Colin Watson <email address hidden> Sun, 02 Jun 2013 13:01:14 +0100
