Hi Ola & Thomas,
> I have been preparing fixes for CVE-2019-14866 for Debian oldstable
Thank you. The issue has been fixed in commit 7554e3e4 [1].
Regards,
Sergey
[1]
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7
Hi Ola,
> Hi Sergey
>
> I can see that the fix is quite different from the one Thomas proposed. Do
> I understand correctly that this fix go around the problem in a different
> way?
Not quite so. It takes basically the same approach as the fix Thomas
proposed, but also removes unnecessary code
