[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: busybox security fixes



Hello Michael,

On Mon 19 May 2025 at 02:22pm +03, Michael Tokarev wrote:

> On 19.05.2025 13:52, Sean Whitton wrote:
>> Hello busybox maintainers,
>> I'm looking into the unfixed CVEs for busybox, funded by Freexian's LTS
>> effort.  This package is listed as one where the maintainers would like
>> to be involved in LTS updates.  May I ask whether you have any work
>> pending to fix the CVEs in sid and trixie?  And any pending work for a
>> bookworm PU?  I can help with all of those.
>
> Which busybox CVE fixes needs to be in trixie or sid?
>
> I've been contacted before by Tobias Frost with exactly the same
> question, and all CVEs he mentioned are fixed in trixie for a long
> time. I'm not aware of other busybox CVEs so far, at least there
> are no debian bugs filed about this.
>
> If you have more details, I'm all ears.

Do you have any updates here?  There are still three CVEs unfixed in
sid.  LTS contributors may be able to help if you need it.  Thanks.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature


Reply to: