89857df2d1
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
|---|---|---|
| .. | ||
| 0001-Minor-fix.patch | ||
| 0002-Rewrite-dynamic-string-support.patch | ||
| 0003-Fix-previous-commit.patch | ||
| Config.in | ||
| cpio.hash | ||
| cpio.mk | ||