Summary: | <sys-apps/busybox-1.28.0: two integer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | embedded |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=638258 https://bugs.busybox.net/show_bug.cgi?id=10431 https://bugs.busybox.net/show_bug.cgi?id=10436 |
||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 638258 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-10-25 07:24:58 UTC
the maintainer fixed all this bugs allready but doesn't mark them with the corresponding CVE number and he doesn't release a new version that fixes all of this vulnerabilities: CVE-2017-15873 - https://bugs.busybox.net/show_bug.cgi?id=10431 fixed with this commit https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0 CVE-2017-15874 - https://bugs.busybox.net/show_bug.cgi?id=10436 fixed with https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7271c533c68a35f72cdb907d3e2743275505c5c6 commit 7271c533c68a35f72cdb907d3e2743275505c5c6 Author: Mike Frysinger <vapier@gentoo.org> AuthorDate: 2018-01-24 04:11:19 +0000 Commit: Mike Frysinger <vapier@gentoo.org> CommitDate: 2018-01-24 04:14:46 +0000 sys-apps/busybox: version bump to 1.28.0 #563756 #635392 #638258 Bug: https://bugs.gentoo.org/563756 Bug: https://bugs.gentoo.org/635392 Bug: https://bugs.gentoo.org/638258 sys-apps/busybox/Manifest | 1 + sys-apps/busybox/busybox-1.28.0.ebuild | 310 +++++++++++++++++++++++++++++++++ 2 files changed, 311 insertions(+)} Note: stabilization called for in bug #638258 This issue was resolved and addressed in GLSA 201803-12 at https://security.gentoo.org/glsa/201803-12 by GLSA coordinator Aaron Bauman (b-man). |