[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
cpio-2.13 released [stable]
From: |
Sergey Poznyakoff |
Subject: |
cpio-2.13 released [stable] |
Date: |
Wed, 06 Nov 2019 10:28:35 +0200 |
Hello,
This is to inform you that GNU cpio version 2.13 is available for download.
This stable release fixes several potential vulnerabilities, namely:
CVE-2015-1197, CVE-2016-2037, CVE-2019-14866.
Here are the compressed sources:
https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz (1.9MB)
https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2 (1.3MB)
Here are the GPG detached signatures[*]:
https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz.sig
https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2.sig
Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html
Here are the MD5 and SHA1 checksums:
389c5452d667c23b5eceb206f5000810 cpio-2.13.tar.gz
f3438e672e3fa273a7dc26339dd1eed6 cpio-2.13.tar.bz2
9568076fd23fb9bc00d32ee458bb2231d5254e40 cpio-2.13.tar.gz
4dcefc0e1bc36b11506a354768d82b15e3fe6bb8 cpio-2.13.tar.bz2
[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify cpio-2.13.tar.gz.sig
If that command fails because you don't have the required public key,
then run this command to import it:
gpg --keyserver keys.gnupg.net --recv-keys 3602B07F55D0C732
and rerun the 'gpg --verify' command.
Best regards,
Sergey
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- cpio-2.13 released [stable],
Sergey Poznyakoff <=