Information on source package cpio

Available versions

ReleaseVersion
jessie2.11+dfsg-4.1+deb8u4
stretch2.11+dfsg-6+deb9u1
buster2.12+dfsg-9+deb10u1
bullseye2.13+dfsg-7.1~deb11u1
bookworm2.13+dfsg-7.1
trixie2.15+dfsg-2
sid2.15+dfsg-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-7207fixedfixedfixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedDebian's cpio contains a path traversal vulnerability. This issue was ...

Resolved issues

BugDescription
CVE-2021-38185GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...
CVE-2019-14866In all versions of cpio before 2.13 does not properly validate input f ...
CVE-2016-2037The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remo ...
CVE-2015-1197cpio 2.11, when using the --no-absolute-filenames option, allows local ...
CVE-2014-9112Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...
CVE-2010-0624Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...
CVE-2007-4476Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...
CVE-2005-4268Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...
CVE-2005-1229Directory traversal vulnerability in cpio 2.6 and earlier allows remot ...
CVE-2005-1111Race condition in cpio 2.6 and earlier allows local users to modify pe ...
CVE-1999-1572cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operat ...

Security announcements

DSA / DLADescription
ELA-863-1cpio - security update
DLA-3445-1cpio - security update
ELA-187-1cpio - security update
DLA-1981-1cpio - security update
DSA-3483-1cpio - security update
DLA-415-1cpio - security update
DSA-3111-1cpio - security update
DLA-111-1cpio - security update
DSA-1566-1cpio - programming error
DSA-846-1cpio - several
DSA-664-1cpio - broken file permissions

Search for package or bug name: Reporting problems