CVE-2023-7216 has been rejected by cpio's upstream community; the cpio maintainer doesn't think it's a bug.
Is the Red Hat community considering marking CVE-2023-7216 as rejected on NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7216 ?
If the Red Hat community insists that CVE-2023-7216 is a bug, does the Red Hat community have a fix?
Regards,
Peng
------------------ Original Message ------------------
From: "Sergey Poznyakoff" <gray@gnu.org.ua>;
Sent: 2 March 2024, 9:53
To: "Peng"<2773414454@qq.com>;
Cc: "bug-cpio"<bug-cpio@gnu.org>;"ntait"<ntait@redhat.com>;"mrehak"<mrehak@redhat.com>;
Subject: Re: Re:Is there a fix for this CVE-2023-7216?
Peng <2773414454@qq.com> wrote:
> First of all, I would like to confirm with you, do you accept
> CVE-2023-7216? Is CVE-2023-7216 a bug or is it the default
> behavior of cpio software?
It is a normal behavior. Please use the --no-absolute-filenames option
to avoid it, if it is not desired.
Regards,
Sergey