home  bbs  files  messages ]

      ZZLI4427             linux.debian.maint.boot             505 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 491 of 505 on ZZLI4427, Wednesday 10-21-25, 10:14  
  From: CHRISTOPH BIEDL  
  To: ALL  
  Subj: Re: BusyBox CVE-2022-48174 in Bookworm  
 From: debian.axhn@manchmal.in-ulm.de 
  
 Wolfgang Ocker wrote... 
  
 > Hello Busybox Package Maintainers: 
 > 
 > I hope I have found the correct email address for my question. 
  
 It's good enough. 
  
 > https://security-tracker.debian.org/tracker/CVE-2022-48174 
 > 
 > It says here that the stack overflow bug in Busybox (CVE-2022-48174) 
 > has not yet been fixed in Bookworm because it is only a minor issue. 
  
 It seems this was fixed in 1:1.30.1-6+deb11u1 in January 2025: 
  
 | busybox (1:1.30.1-6+deb11u1) bullseye-security; urgency=high 
 | 
 |   * Non-maintainer upload by the LTS Security Team. 
 |   * Import patches for 
 |     (Cherry-picked from 1:1.30-1.4ubuntu6.4) 
 |       - CVE-2021-28831 (Closes: #985674), 
 |       - CVE-2021-42374, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, 
 |         CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, 
 |         CVE-2021-42386 (Closes: #999567), 
 |     (Cherry-picked from 1:1.30.1-7ubuntu3.1) 
 !       - CVE-2022-48174 (Closes: #1059049) 
 |   * Backport patch for CVE-2023-42364. This patch also covers 
 |     CVE-2023-42365 (Closes: #1059051, #1059052) 
 | 
 |  -- Tobias Frost   Sun, 19 Jan 2025 10:30:58 +0100 
  
 > I would be very interested to know why you came to this conclusion, as 
 > I can't find any reference to it in the corresponding bug tracker 
 > entry: 
 > 
 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059049 
  
 This creates the question why the bits in the tracker were not updated 
 properly. I'll ask around behind the curtain. 
  
     Christoph 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iQIzBAABCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAmj3XLUACgkQxCxY61kU 
 kv1N0g/8DkPK7mKacu13oOquntu4pJbACnzgl80JvPg4hVWJa4kgiB6q/enJ/YoE 
 OI89H74NPUjn6UoUdEEVTKf7uzg7fQ2S0ati5oyBr5ydJSTV399gqDUBCziC6sRa 
 kjNyiTZeGDczI4FeuLb3bbkVj/Ht/U0HIqlzbRDCBBa6WaiCb6Tz0I33v5oxjS/y 
 4BdbE6L5J/dG1DsQEsBtYtkCQcqJrxuIeLDie/IfGvLmWz8NmXrtpVNzW9Cn5UFb 
 PRVRkOiyOdpFczn4XkzU5mlXGs8yVXLgGQ+6eveLYC6/mqjZISGKcEEA2KxlfNTj 
 Ep0AHTnoW7HcEqil+HJZCFSap9MZGd5LP1296kwP0FP1x1+5tF/EbQ1W+T4NKegy 
 oxSzJynz9b85/OMdAlUChznJZIBb2iszEOmAZ3XOEp7bIdXxjAz9UveyMOTfjFqU 
 OBz4+yyrRDcKygPlYk4nkq5D89B0iZX6CQxsZNmk+1+3EkOMJut+V2A7Kh2Vcaq9 
 KF4A55/IPNmN44pZ/9EqzkevBF4z66cuUOE8rcL3jBOFsPXy0dgVzg1I9mcDNLkU 
 fapbuLx6DOgozFV4J7PYLb2kBqNOqL7vGXRigggCyC1nNtQbMb8Qwu5PsNr+/MlN 
 rIm+yJQywJLRWvISFH+ag2BgfglYN0kCC0OqX21nbZI5t8z+5nQ= 
 =281x 
 -----END PGP SIGNATURE----- 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,081 visits
(c) 1994,  bbs@darkrealms.ca