This bug was fixed in the package cpio - 2.11-4ubuntu1
---------------
cpio (2.11-4ubuntu1) maverick; urgency=low
* Merge from Debian unstable, remaining changes:
- debian/control: Don't build a cpio-win32 package
- debian/rules: don't depend on the binary-indep target in binary.
* New upstream version fixes bug where directory permissions are dropped
in passthrough mode. LP: #214942.
cpio (2.11-4) unstable; urgency=low
* Apply patch from Didier Raboud to fix win32 output again.
closes: #579533.
cpio (2.11-3) unstable; urgency=low
* Return MT_EXIT_FAILURE instead of MT_EXIT_INVOP for fatal exits from
mt.
* Do not link mt with fatal.o even when automake is installed.
closes: #576637.
cpio (2.11-2) unstable; urgency=medium
* Patch from Sven Joachim to prevent /usr/share/info/dir.gz being
shipped when install-info is present in the build environment.
closes: #576620.
cpio (2.11-1) unstable; urgency=high
* New upstream version.
- Fixes CVE-2010-0624: Heap-based buffer overflow in GNU
Tar and GNU Cpio.
* Tweak mingw build to not fail.
* Update watch file to pick bzip2-compressed tarballs.
* Bump to Standards-Version 3.8.4.
* Switch to 3.0 (quilt) source format.
cpio (2.10-2) unstable; urgency=low
* Patch from Carl Miller to better handle device nodes from cramfs.
closes: #565474.
* Remove install-info invocations from prerm and postinst.
* Depend on dpkg (>= 1.15.4) | install-info.
* Bump to Standards-Version 3.8.3.
-- Steve Langasek <steve.langa...@ubuntu.com> Tue, 15 Jun 2010 22:25:50 -0700
** Changed in: cpio (Ubuntu)
Status: Incomplete => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0624
--
cpio 2.9 drops directory permissions and ownership
https://bugs.launchpad.net/bugs/214942
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
