Re: CVE-2010-4226

bug-cpio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2010-4226

From:	Sergey Poznyakoff
Subject:	Re: CVE-2010-4226
Date:	Sat, 18 Jun 2022 17:41:43 +0200
User-agent:	MH (GNU Mailutils 3.15)

Jon Slobodzian <joslobo@microsoft.com> ha escrit:

> NIST (and subsequently our tooling) suggests that this CVE is active
> against all versions of cpio:
> https://nvd.nist.gov/vuln/detail/CVE-2010-4226.

I wasn't able to find any description of the "vulnerability" in
question.  All links from this page either end up at 502 error somewhere
at SUSE or suggest that cpio can "overwrite arbitrary files via a
symlink within an RPM package archive".  That is certainly not enough
to have any position regarding this report.

Best,
Sergey

[Prev in Thread]

Current Thread

[Next in Thread]

CVE-2010-4226, Jon Slobodzian, 2022/06/18
- Re: CVE-2010-4226, Sergey Poznyakoff <=

Prev by Date: CVE-2010-4226
Next by Date: RE: [PATCH v4 3/3] gen_init_cpio: add support for file metadata
Previous by thread: CVE-2010-4226
Index(es):
- Date
- Thread