Bug#772793: marked as done (cpio: CVE-2014-9112)

[Debian Bug Tracking System]

Your message dated Mon, 22 Dec 2014 12:04:08 +0000
with message-id <e1y31ia-0004w2...@franck.debian.org>
and subject line Bug#772793: fixed in cpio 2.11+dfsg-4
has caused the Debian Bug report #772793,
regarding cpio: CVE-2014-9112
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772793: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: cpio
Severity: grave
Tags: security

Hi,
please see http://seclists.org/fulldisclosure/2014/Nov/74
for the original report.

Patches:
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: cpio
Source-Version: 2.11+dfsg-4

We believe that the bug you reported is fixed in the latest version of
cpio, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated cpio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Dec 2014 11:42:11 +0000
Source: cpio
Binary: cpio cpio-win32
Architecture: source all amd64
Version: 2.11+dfsg-4
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description:
 cpio       - GNU cpio -- a program to manage archives of files
 cpio-win32 - GNU cpio -- a program to manage archives of files (win32 build)
Closes: 772793
Changes:
 cpio (2.11+dfsg-4) unstable; urgency=high
 .
   [ Michael Gilbert <mgilb...@debian.org> ]
   * Fix CVE-2014-9112: null pointer dereference issues.
     Add the following upstream patches:
     fd262d11.patch
     f6a8a2cb.patch
     Closes: #772793.
Checksums-Sha1:
 842c7974e4c2dfc22131fb34ef33fd7c76aab1c1 1843 cpio_2.11+dfsg-4.dsc
 4c87848435285e1fc2145a9c3436f3fbd1520d2d 17756 cpio_2.11+dfsg-4.debian.tar.xz
 0108fefc04a565afc6b73780abc452befe88d248 59308 cpio-win32_2.11+dfsg-4_all.deb
 9247eca2c2f4ab973e80f9b24529ac1046e076f9 176982 cpio_2.11+dfsg-4_amd64.deb
Checksums-Sha256:
 452d32f8d4eb9c5bd3a6bd5e49adfc7fbe1f502d1883c51ebb5a6d26c84b4c73 1843 
cpio_2.11+dfsg-4.dsc
 108718317981eb792866f5ca7d2cee4dd2c5f2b54ce45628719148c321b8fed7 17756 
cpio_2.11+dfsg-4.debian.tar.xz
 005e3f0a1096058e8f73c99c7abe2a54874bdeb5f05cd2b3db914be4dce34e1f 59308 
cpio-win32_2.11+dfsg-4_all.deb
 31e181b71a4d8b945258180a41c8bb523adeb79cb7f86e3861102df56c4bd0cc 176982 
cpio_2.11+dfsg-4_amd64.deb
Files:
 5e37306cc5c7a3038a51405827286ee7 1843 utils important cpio_2.11+dfsg-4.dsc
 b138e08817577210c860defbbe4ab2b5 17756 utils important 
cpio_2.11+dfsg-4.debian.tar.xz
 9730d792bedd956e06ba7e262359d1d9 59308 utils extra 
cpio-win32_2.11+dfsg-4_all.deb
 581a5e1155fe3e3eade27058c1bf7f50 176982 utils important 
cpio_2.11+dfsg-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUmAbSAAoJEHxWrP6UeJfYSM4P/RdFRjPNEi/qdmvFok2lE0M0
6SfCxqUfHc6wqcCW7syjBHz7gcDQmWRKh4Jf94B761reFqk6VrQFbfQjNGmJ+UBD
FSs5ut1mlITeLIxllvrer4a+LrKaFn/zYNuMPk6cFRqXCALa6+A5XOY2O6nDOgKB
7Gg15i9KFgdq0JrE3bHBXKOJz4+qn98K2zpBG9Cyqjg38QR4cfTlFJYc7tE33cIe
MMInr9XW+sS750wOLVwOEUezj6LW6jelk/2m9EpDQeKCvWbq6fIMCCoAVX0VV7za
JyZPDENBlZjfmmuiu3Hw17l9iZKDBee5j+KOMT3rOE8mVMUOMGI41RgJWMTUNFIi
VbyJIjcPfj9ULgox3O7Ah3GzqWpfq04SV3NDCDaT7EaP6E8idkMcFoZdT6YUJ+y6
+a20xUj5axWVKoWlkxz2KdDoexAM2rzvOhOfXh3zBs1pysPjbBup8G2fJxdoG9u0
wg+X4rbQh1oijryQXOm9mDwHXt7u7Ez500Iw8cbYDLjutq7LCBnWjWKMYF5I818n
OYIU10d6z0LMDvQrYfROcKB/3WBz50eHU1wFO+GE34dtIxut54XN7FNLNcpWnQEt
wTgBr9rsc5NzeznoxnxtV6KpdscxV6+gECydPS8IHQI79VMX7KL3I9NHI3JjOGdO
Shz6kd0uZgYPajzV3Cyj
=TOCN
-----END PGP SIGNATURE-----

--- End Message ---