[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A possible regression in busybox-static version 1:1.22.0-9+deb8u2


Am 03.08.2018 um 00:27 schrieb jhcha54008:
> Hi again,
> I haven't studied thoroughly the code of busybox.
> But with the patch below applied I recover the expected
> behaviour of busybox cpio on the example archive.cpio.gz
> from the previous message.
> I hope it will help to find a solution
> Thank you for your work to keep jessie usable !

Upstream made several commits regarding CVE-2011-5325 in the past. As
Chris already mentioned before this is upstream bug


Your suggested change to extract symlinks the same way tar does makes
sense. Upstream made this change months later in


I believe we can safely apply it for Jessie.

Thanks for your help in debugging this issue!



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: