summary refs log tree commit diff
path: root/pkgs/tools/archivers/cpio/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/archivers/cpio/default.nix')
-rw-r--r--pkgs/tools/archivers/cpio/default.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix
index 570f1904ee21..2313f27f2e54 100644
--- a/pkgs/tools/archivers/cpio/default.nix
+++ b/pkgs/tools/archivers/cpio/default.nix
@@ -19,6 +19,10 @@ in stdenv.mkDerivation {
         + "CVE-2015-1197-cpio-2.12.patch";
       sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v";
     })
+
+    # Report: http://www.openwall.com/lists/oss-security/2016/01/19/4
+    # Patch from https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
+    ./CVE-2016-2037-out-of-bounds-write.patch
   ];
 
   preConfigure = if stdenv.isCygwin then ''
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-10 08:27:21 +0000