Re: busybox security fixes

To: Sean Whitton <spwhitton@spwhitton.name>, debian-boot@lists.debian.org, Michael Tokarev <mjt@debian.org>
Cc: debian-lts@lists.debian.org, Tobias Frost <tobi@debian.org>
Subject: Re: busybox security fixes
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Mon, 19 May 2025 14:22:14 +0300
Message-id: <[🔎] be6354f1-59f1-4039-99d3-6130bd8b5650@tls.msk.ru>
In-reply-to: <[🔎] 871psk3mar.fsf@zephyr.silentflame.com>
References: <[🔎] 871psk3mar.fsf@zephyr.silentflame.com>

On 19.05.2025 13:52, Sean Whitton wrote:

Hello busybox maintainers,

I'm looking into the unfixed CVEs for busybox, funded by Freexian's LTS
effort.  This package is listed as one where the maintainers would like
to be involved in LTS updates.  May I ask whether you have any work
pending to fix the CVEs in sid and trixie?  And any pending work for a
bookworm PU?  I can help with all of those.


Which busybox CVE fixes needs to be in trixie or sid?

I've been contacted before by Tobias Frost with exactly the same
question, and all CVEs he mentioned are fixed in trixie for a long
time. I'm not aware of other busybox CVEs so far, at least there
are no debian bugs filed about this.

If you have more details, I'm all ears.

Thanks,

/mjt

Reply to:

Follow-Ups:
- Re: busybox security fixes
  - From: Michael Tokarev <mjt@tls.msk.ru>

References:
- busybox security fixes
  - From: Sean Whitton <spwhitton@spwhitton.name>

Prev by Date: Re: busybox security fixes
Next by Date: Bug#1106077: installation-reports Tyan TN71-BP012 POWER8 debian-trixie-DI-rc1-ppc64el
Previous by thread: busybox security fixes
Next by thread: Re: busybox security fixes
Index(es):
- Date
- Thread