K 10
svn:author
V 5
naddy
K 8
svn:date
V 27
2015-03-31T14:29:26.888459Z
K 7
svn:log
V 506
CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff.

CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker.

PR:		198954
Obtained from:	Debian

END