I'm NMUing cpio with the attached patch which was extracted from the security team's patch for the version in stable to fix this hole.
-- see shy jo
diff --new-file -ur old/cpio-2.4.2/debian/changelog cpio-2.4.2/debian/changelog --- old/cpio-2.4.2/debian/changelog 2005-02-04 16:51:34.000000000 -0500 +++ cpio-2.4.2/debian/changelog 2005-02-04 16:49:40.000000000 -0500 @@ -1,3 +1,12 @@ +cpio (2.4.2-39woody1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Forward ported patch from Albert Chin-A-Young to fix broken + permissions on output file with -O/-F [main.c, CAN-1999-1572, + http://groups-beta.google.com/group/gnu.utils.bug/msg/4db088ee6031c9ec] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 28 Jan 2005 10:11:48 +0100 + cpio (2.4.2-39) unstable; urgency=medium * Added density description for 0x45 (QIC-3095). (Closes: Bug#117427) diff --new-file -ur old/cpio-2.4.2/main.c cpio-2.4.2/main.c --- old/cpio-2.4.2/main.c 2005-02-04 16:51:34.000000000 -0500 +++ cpio-2.4.2/main.c 2005-02-04 16:49:40.000000000 -0500 @@ -518,7 +518,6 @@ char *argv[]; { program_name = argv[0]; - sys_umask = umask (0); #ifdef __TURBOC__ _fmode = O_BINARY; /* Put stdin and stdout in binary mode. */ @@ -529,6 +528,7 @@ #endif process_args (argc, argv); + sys_umask = umask (0); initialize_buffers ();
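Review bot: In the debian/changelog hunk, the new entry is versioned 2.4.2-39woody1 for stable-security and has no Closes: field, while the entry below it uses `(Closes: Bug#117427)`. If this goes up as an NMU, the entry should carry the NMU's own version and target distribution and close the bug report it fixes, keeping the credit to the Security Team's forward port in the text.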
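Review bot: In the main.c hunk at @@ -518, removing `sys_umask = umask (0);` from the top of main means `process_args (argc, argv);` now runs before sys_umask is assigned. Confirm that nothing reached from process_args reads sys_umask, because it would now see the variable's initial value instead of the process umask.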
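Review bot: In the main.c hunk at @@ -529, the fix rests entirely on `sys_umask = umask (0);` coming after `process_args (argc, argv);`, and nothing in the code records that ordering requirement. Add a comment above the moved line saying the umask must not be cleared until argument processing has finished, so that the -O/-F output file named in the changelog entry gets its permissions under the user's umask. Without it, a later cleanup could move the call back to the top of main and reintroduce CAN-1999-1572.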