Bug#1055307: busybox: CVE-2023-39810
Control: tags -1 + fixed-upstream
On Fri, Nov 03, 2023 at 08:26:28PM +0100, Moritz Mühlenhoff wrote:
> Source: busybox
> X-Debbugs-CC: team@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for busybox.
>
> CVE-2023-39810[0]:
> | An issue in the CPIO command of Busybox v1.33.2 allows attackers to
> | execute a directory traversal.
>
> https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-39810
> https://www.cve.org/CVERecord?id=CVE-2023-39810
>
> Please adjust the affected versions in the BTS as needed.

FTR, this one now has a commit upstream as:
https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3

Regards,
Salvatore