[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#999567: busybox: CVE-2021-42373 through CVE-2021-42386 (fixed in 1.34)

Package: busybox
Version: 1:1.30.1-7+b1
Severity: important
Tags: security upstream fixed-upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

https://security-tracker.debian.org/tracker/source-package/busybox
already shows them. I learned it through
https://thehackernews.com/2021/11/14-new-security-flaws-found-in-busybox.html
which indicates they have all been fixed in version 1.34, but upstream
also has 1.34.1.
This is also a request for a new upstream version, but due to the
security fixes, I made the severity 'important' like bug #985674.

Cheers,
  Diederik

- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 5.14.0-4-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages busybox depends on:
ii  libc6  2.32-4

busybox recommends no packages.

busybox suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCYY6OFQAKCRDXblvOeH7b
biIrAQDEY0MCuFS7FFhp6ivPG7/BMf/yL8WuQRnVQrvV4mbi2wD+P8hajCNFE++6
fpBcTvu8uNnwWPBeUtRIdWpPBTXNcQk=
=tqra
-----END PGP SIGNATURE-----
Reply to: