Bug 198954

Summary: [archivers/gcpio][security] Multiple Vulnerabilities
Product: Ports & Packages Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)Assignee: Christian Weisgerber <naddy>
Status: Closed FIXED    
Severity: Affects Only Me Flags: bugzilla: maintainer-feedback? (naddy)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   

Description Sevan Janiyan 2015-03-27 19:20:57 UTC 
CVE-2014-9112 CVE-2015-1197
Comment 1 commit-hook freebsd_committer freebsd_triage 2015-03-31 14:29:58 UTC 
A commit references this bug:

Author: naddy
Date: Tue Mar 31 14:29:31 UTC 2015
New revision: 382823
URL: https://svnweb.freebsd.org/changeset/ports/382823

Log:
  CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
  function allows remote attackers to cause a denial of service via
  a large block value in a cpio archive.
  Fix from a series of upstream commits by Sergey Poznyakoff.

  CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
  allows local users to write to arbitrary files via a symlink attack
  on a file in an archive.
  Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
  bug tracker.

  PR:		198954
  Obtained from:	Debian

Changes:
  head/archivers/gcpio/Makefile
  head/archivers/gcpio/files/patch-doc_Makefile.in
  head/archivers/gcpio/files/patch-doc_cpio.1
  head/archivers/gcpio/files/patch-gnu_Makefile.in
  head/archivers/gcpio/files/patch-src_copyin.c
  head/archivers/gcpio/files/patch-src_extern.h
  head/archivers/gcpio/files/patch-src_filetypes.h
  head/archivers/gcpio/files/patch-src_global.c
  head/archivers/gcpio/files/patch-src_main.c
  head/archivers/gcpio/files/patch-src_util.c