'cpio-2.13 released [stable]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnu-info
Subject:    cpio-2.13 released [stable]
From:       Sergey Poznyakoff <gray () gnu ! org ! ua>
Date:       2019-11-06 8:28:35
Message-ID: 20191106102835.28384 () ulysses ! gnu ! org ! ua
[Download RAW message or body]

Hello,

This is to inform you that GNU cpio version 2.13 is available for download.
This stable release fixes several potential vulnerabilities, namely:
CVE-2015-1197, CVE-2016-2037, CVE-2019-14866.

Here are the compressed sources:
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz    (1.9MB)
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2   (1.3MB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz.sig
  https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the MD5 and SHA1 checksums:

389c5452d667c23b5eceb206f5000810  cpio-2.13.tar.gz
f3438e672e3fa273a7dc26339dd1eed6  cpio-2.13.tar.bz2
9568076fd23fb9bc00d32ee458bb2231d5254e40  cpio-2.13.tar.gz
4dcefc0e1bc36b11506a354768d82b15e3fe6bb8  cpio-2.13.tar.bz2

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify cpio-2.13.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 3602B07F55D0C732

and rerun the 'gpg --verify' command.

Best regards,
Sergey


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic