bug-cpio
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cpio-2.13 released [stable]


From: Sergey Poznyakoff
Subject: cpio-2.13 released [stable]
Date: Wed, 06 Nov 2019 10:28:35 +0200

Hello,

This is to inform you that GNU cpio version 2.13 is available for download.
This stable release fixes several potential vulnerabilities, namely:
CVE-2015-1197, CVE-2016-2037, CVE-2019-14866.

Here are the compressed sources:
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz    (1.9MB)
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2   (1.3MB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz.sig
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the MD5 and SHA1 checksums:

389c5452d667c23b5eceb206f5000810  cpio-2.13.tar.gz
f3438e672e3fa273a7dc26339dd1eed6  cpio-2.13.tar.bz2
9568076fd23fb9bc00d32ee458bb2231d5254e40  cpio-2.13.tar.gz
4dcefc0e1bc36b11506a354768d82b15e3fe6bb8  cpio-2.13.tar.bz2

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify cpio-2.13.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 3602B07F55D0C732

and rerun the 'gpg --verify' command.

Best regards,
Sergey



reply via email to

[Prev in Thread] Current Thread [Next in Thread]