On Fri, 12 Dec 2014, Aníbal Monsalve Salazar wrote: > >> Patches: > >> http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 > >> http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a > >> http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b > > > > There seem to be additional issues with the fix for i386: > > https://bugzilla.redhat.com/show_bug.cgi?id=1167571#c9 (not verified > > by myself, just noticed in Red Hat's Bugzilla). > > > > Regards, > > Salvatore > > Dear debian-devel, > > I uploaded cpio 2.11+dfsg-3 to experimental with the upstream patches > listed above. Please test it. It didn't segfault when I run it on amd64 > as reported in Red Hat's Bugzilla.
There are two supplementary relevant fixes that have been committed upstream: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d11 http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=f6a8a2cb The latter only fixes the test suite in some architectures but the former fixes a NULL pointer dereference... whether it has some security implications can be debated but it looks a good idea to include it too. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
