Bug#776186: busybox: CVE-2014-9645

To: Cyril Brulebois <kibi@debian.org>
Cc: Michael Gilbert <mgilbert@debian.org>, 776186@bugs.debian.org
Subject: Bug#776186: busybox: CVE-2014-9645
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 2 Mar 2015 16:28:13 +0100
Message-id: <[🔎] 20150302152813.GC1651@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 776186@bugs.debian.org
In-reply-to: <20150126034927.GF16622@mraw.org>
References: <CANTw=MPWWRiDAxH-2KQ90p-+hvkA9bmH5e6fqs25mGHsRL_36A@mail.gmail.com> <20150126034927.GF16622@mraw.org>

On Mon, Jan 26, 2015 at 04:49:27AM +0100, Cyril Brulebois wrote:
> Michael Gilbert <mgilbert@debian.org> (2015-01-25):
> > control: tag -1 patch, pending
> > 
> > Hi,
> > 
> > I uploaded an nmu fixing this issue to delayed/15.  Please let me know
> > if I can shorten or if you want to do a maintainer upload instead.
> > See proposed patch attached.
> 
> NACK, it won't make it into testing this way.
> 
> See <20150106090747.GC27249@ugent.be> and mails before that.
> 
> Haven't had a chance to upload what I proposed, but I can look at
> including your changes on top of mine, somewhen today. (It was
> basically waiting on the d-i release, which happened earlier.)

I'm slightly confused here. Is 1:1.22.0-9+deb8u1 different from
the upload you mentioned above? 

jessie has CVE-2014-4607 fixed, but not CVE-2014-9645 (which isn't
terribly severe and which could be tagged no-dsa if no further
busybox upload is planned for jessie).

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#776186: busybox: CVE-2014-9645
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Bug#778773: Jessie RC1 Installer parted server segfault
Next by Date: Bug#779578: user-setup: Please install sudo when installing without root password
Previous by thread: Bug#779546: debian-installer: Debian-installer does not load iwlwifi firmware correctly
Next by thread: Bug#776186: busybox: CVE-2014-9645
Index(es):
- Date
- Thread