[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#635548: CVE-2011-2716

On Sun, June 3, 2012 12:29, Michael Tokarev wrote:
> The version of busybox currently in experimental verifies
> all the strings returned by dhcpd and if any bad char is
> found, it replaces the whole thing with literal string
> "bad" when exporting the variable to the script.  So
> there should be no need to quote anything anymore.
> I haven't closed this bug becaue I merely forgot about it,
> and because I also wanted to recheck all open bugs when
> finally uploading busybox 1.20 to unstable.  My current
> changelog contains mentions of closing of this bug, too.
> Thank you for the reminder, this means these serious issues
> weren't forgotten!  And indeed they weren't!.. :)

Good! Will you ensure that 1.20 ends up in wheezy?
There's not much time I guess, because the wheezy freeze is scheduled for
this month.


Reply to: