CVE-2022-32298: Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors.
Patch is in 0.8.8. Ping Patrick.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5277109c1b389133963301c5fdaf1f19b054567 commit d5277109c1b389133963301c5fdaf1f19b054567 Author: Patrick Lauer <patrick@gentoo.org> AuthorDate: 2022-08-19 06:34:05 +0000 Commit: Patrick Lauer <patrick@gentoo.org> CommitDate: 2022-08-19 06:35:34 +0000 sys-apps/toybox: Add 0.8.8 Also remove old Bug: https://bugs.gentoo.org/858110 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Patrick Lauer <patrick@gentoo.org> sys-apps/toybox/Manifest | 5 +- sys-apps/toybox/toybox-0.8.4-r1.ebuild | 58 ---------------------- sys-apps/toybox/toybox-0.8.5-r1.ebuild | 58 ---------------------- sys-apps/toybox/toybox-0.8.7.ebuild | 58 ---------------------- .../{toybox-0.8.6.ebuild => toybox-0.8.8.ebuild} | 2 +- 5 files changed, 2 insertions(+), 179 deletions(-)
