Bug#1059163: cpio: Path traversal vulnerability

2024-01-04 Thread Salvatore Bonaccorso
Control: retitle -1 cpio: CVE-2023-7207: Path traversal vulnerability due to partial revert of fix for CVE-2015-1197

On Thu, Jan 04, 2024 at 08:01:18PM -0600, Mark Esler wrote:
> Please refer to this path traversal vulnerability as CVE-2023-7207.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?nam

Bug#1059163: cpio: Path traversal vulnerability

2024-01-04 Thread Mark Esler
Please refer to this path traversal vulnerability as CVE-2023-7207.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207

Bug#1059163: cpio: Path traversal vulnerability

2023-12-27 Thread Ingo Brückl
On Fri, 22 Dec 2023 13:43:18 +1100, Aníbal Monsalve Salazar wrote:
> I have been working on a new Debian version of cpio for the last couple
> of days. I hope to upload it today. I will appreciate it very much if
> you could give it a try after uploading it.

It looks good to me.

Regards,
Ingo

Bug#1059163: cpio: Path traversal vulnerability

2023-12-21 Thread Aníbal Monsalve Salazar
On Wed, 2023-12-20 19:55:30 +0100, Ingo Brückl wrote:
> Package: cpio
> Version: 2.13+dfsg-7.1
> Severity: grave
>
> The patch "revert-CVE-2015-1197-handling" (to close bugs #946267 and #946469)
> re-enables path traversal vulnerability with maliciously crafted cpio
> archives.

Hello Ingo,

I ha