Jon Slobodzian <[email protected]> ha escrit: > NIST (and subsequently our tooling) suggests that this CVE is active > against all versions of cpio: > https://nvd.nist.gov/vuln/detail/CVE-2010-4226.
I wasn't able to find any description of the "vulnerability" in question. All links from this page either end up at 502 error somewhere at SUSE or suggest that cpio can "overwrite arbitrary files via a symlink within an RPM package archive". That is certainly not enough to have any position regarding this report. Best, Sergey
