Hi Sergey,

I can see that the fix is quite different from the one Thomas proposed. Do I understand correctly that this fix goes around the problem in a different way? I do not see any explicit value > 0 check. Instead it looks like the fix allows larger file sizes instead of telling that they are not ok. Is that correct?
// Ola

On Mon, 4 Nov 2019 at 15:34, Sergey Poznyakoff <g...@gnu.org.ua> wrote:

> Hi Ola & Thomas,
>
> > I have been preparing fixes for CVE-2019-14866 for Debian oldstable
>
> Thank you. The issue has been fixed in commit 7554e3e4 [1].
>
> Regards,
> Sergey
>
> [1] http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7

--
 --- Inguza Technology AB --- MSc in Information Technology ----
| o...@inguza.com o...@debian.org |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------