Debians cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in –no-absolute-filenames. Upstream has since provided a proper fix to –no-absolute-filenames.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cpio | Ubuntu | bionic | * |
Cpio | Ubuntu | focal | * |
Cpio | Ubuntu | jammy | * |
Cpio | Ubuntu | lunar | * |
Cpio | Ubuntu | mantic | * |
Cpio | Ubuntu | trusty | * |
Cpio | Ubuntu | upstream | * |
Cpio | Ubuntu | xenial | * |