Bug#882258: busybox: CVE-2017-16544: lineedit: do not tab-complete any strings which have control characters

To: Chris Boot <bootc@debian.org>
Cc: 882258@bugs.debian.org
Subject: Bug#882258: busybox: CVE-2017-16544: lineedit: do not tab-complete any strings which have control characters
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 5 Feb 2018 12:57:30 +0100
Message-id: <[🔎] 20180205115730.eucav7nvaecfrxsn@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 882258@bugs.debian.org
In-reply-to: <2b90d242-8ede-d5dd-fa98-7a9e9aa6db99@debian.org>
References: <151120740087.11949.10571240798989643218.reportbug@eldamar.local> <2b90d242-8ede-d5dd-fa98-7a9e9aa6db99@debian.org> <151120740087.11949.10571240798989643218.reportbug@eldamar.local>

Hi

On Mon, Feb 05, 2018 at 11:52:28AM +0100, Chris Boot wrote:
> Version: 1:1.27.2-2
> 
> Hi Salvatore,
> 
> This was fixed in the last upload of busybox but the bug wasn't closed,
> sorry. I see that the security tracker has been updated already, though.

Thanks for the notice! Yes we did already update the tracker (which
presumalby was after we checked the 1:1.27.2-2 upload).

Regards,
Salvatore

Reply to:

Prev by Date: Bug#789475: marked as done (udhcpc: valid rfc1123 hostname recognized as "bad")
Next by Date: Bug#774227: busybox-static: execs applets when chrooting
Previous by thread: Bug#789475: marked as done (udhcpc: valid rfc1123 hostname recognized as "bad")
Next by thread: Bug#794049: marked as done (udhcpc: option domain with dns labels starting by numbers)
Index(es):
- Date
- Thread