CVE-2014-1197
CVE-2014-1197 concerns GNU Cpio 2.11 where the --no-absolute-filenames option can be bypassed via symlinks during extraction, allowing rogue archives to write files outside the current directory. Mageia MGASA-2015-0080 documents this issue (CVE-2014-1197) and references a fix in updated cpio pack...