Alexander Cherepanov discovered that bsdcpio, an implementation of the
cpio program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.
For Debian 6 Squeeze, these issues have been fixed in libarchive version 2.8.4.forreal-1+squeeze3
CPE | Name | Operator | Version |
---|---|---|---|
libarchive | eq | 2.8.4-1+squeeze1 | |
libarchive | eq | 2.8.4-1 | |
libarchive | eq | 2.8.4-2 | |
libarchive | eq | 2.8.4.forreal-1+squeeze2 |