These are all security issues fixed in the cpio-2.12-3.90 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "cpio": "2.12-3.90", "cpio-lang": "2.12-3.90" } ] }