
Bug#635548: CVE-2011-2716



On Sun, June 3, 2012 12:29, Michael Tokarev wrote:
> The version of busybox currently in experimental verifies
> all the strings returned by dhcpd and if any bad char is
> found, it replaces the whole thing with literal string
> "bad" when exporting the variable to the script.  So
> there should be no need to quote anything anymore.
>
> I haven't closed this bug because I merely forgot about it,
> and because I also wanted to recheck all open bugs when
> finally uploading busybox 1.20 to unstable.  My current
> changelog contains mentions of closing of this bug, too.
>
> Thank you for the reminder, this means these serious issues
> weren't forgotten!  And indeed they weren't!.. :)

Good! Will you ensure that 1.20 ends up in wheezy?
There's not much time I guess, because the wheezy freeze is scheduled for
this month.


Cheers,
Thijs
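
The behaviour described in the quoted message (check each server-supplied string and, if any bad character is found, export the literal "bad" instead of the value) can be sketched as below. This is an added example, not busybox code: the function names, the DNS-label allow-list and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

static int is_alnum_ascii(unsigned char c)
{
    return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'z');
}

/* Assumed allow-list: DNS-style labels of ASCII letters, digits and '-',
 * separated by single dots. Returns 1 if the raw option bytes pass. */
int dhcp_string_ok(const unsigned char *data, size_t len)
{
    size_t i, label_len = 0;

    if (len == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = data[i];
        if (c == '.') {
            if (label_len == 0 || data[i - 1] == '-')
                return 0;       /* empty label or label ending in '-' */
            label_len = 0;
        } else if (is_alnum_ascii(c) || (c == '-' && label_len > 0)) {
            if (++label_len > 63)
                return 0;
        } else {
            return 0;           /* metacharacter, NUL, space, 8-bit byte */
        }
    }
    return label_len > 0 && data[len - 1] != '-';
}

/* Builds "NAME=value" for the script environment. A rejected value is
 * replaced whole by "bad"; it is never partially cleaned or quoted. */
int export_dhcp_var(char *out, size_t outsz, const char *name,
                    const unsigned char *data, size_t len)
{
    if (!dhcp_string_ok(data, len))
        return snprintf(out, outsz, "%s=bad", name);
    return snprintf(out, outsz, "%s=%.*s", name, (int)len, (const char *)data);
}

int main(void)
{
    /* Constructed sample option values, not taken from a real lease. */
    static const char *samples[] = { "host1.example.org", "pc1;x", "a b" };
    char line[300];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        export_dhcp_var(line, sizeof line, "hostname",
                        (const unsigned char *)samples[i], strlen(samples[i]));
        puts(line);
    }
    return 0;
}
```

Validation works on the length-delimited option bytes rather than a C string, so an embedded NUL is rejected instead of silently truncating the check.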



