[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 1445-3] busybox regression update



Added this release.

On Fri, Aug 03, 2018 at 01:18:30PM +0800, Markus Koschany wrote:
> Package        : busybox
> Version        : 1:1.22.0-9+deb8u4
> 
> It was found that the security update of busybox announced as
> DLA-1445-1  to prevent the exploitation of CVE-2011-5325, a symlinking
> attack, was too strict in case of cpio archives. This update restores
> the old behavior.
> 
> For Debian 8 "Jessie", this problem has been fixed in version
> 1:1.22.0-9+deb8u4.


Reply to: