Re: [SECURITY] [DLA 1445-3] busybox regression update

To: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 1445-3] busybox regression update
From: Robert Doran <robertd@cse.unsw.edu.au>
Date: Thu, 16 Aug 2018 21:19:03 +1000
Message-id: <[🔎] 20180816111903.GF1408@cse.unsw.edu.au>
In-reply-to: <1c4ec8f9-03ff-5db3-1929-77172b5b64c3@debian.org>
References: <1c4ec8f9-03ff-5db3-1929-77172b5b64c3@debian.org>

Added this release.

On Fri, Aug 03, 2018 at 01:18:30PM +0800, Markus Koschany wrote:
> Package        : busybox
> Version        : 1:1.22.0-9+deb8u4
> 
> It was found that the security update of busybox announced as
> DLA-1445-1  to prevent the exploitation of CVE-2011-5325, a symlinking
> attack, was too strict in case of cpio archives. This update restores
> the old behavior.
> 
> For Debian 8 "Jessie", this problem has been fixed in version
> 1:1.22.0-9+deb8u4.

Reply to:

Prev by Date: Re: Apache2 CVE-2016-4975
Next by Date: Re: Removal of 'arm64' from debian-security repo breaks community projects
Previous by thread: Re: Mosquitto / CVE-2017-7653
Next by thread: Re: Removal of 'arm64' from debian-security repo breaks community projects
Index(es):
- Date
- Thread