From 2.3.4 release notes (https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.4): >Merged patch to fix PFS directory traversal / code execution bug. Credit: Quentin Kaiser. -> https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61cd52d3435a3b792687a8490e85c00f22bf141e commit 61cd52d3435a3b792687a8490e85c00f22bf141e Author: Sam James <sam@gentoo.org> AuthorDate: 2023-04-01 01:06:10 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-04-01 01:08:23 +0000 app-misc/binwalk: add 2.3.4 Bug: https://bugs.gentoo.org/903652 Closes: https://bugs.gentoo.org/892880 Signed-off-by: Sam James <sam@gentoo.org> app-misc/binwalk/Manifest | 1 + app-misc/binwalk/binwalk-2.3.4.ebuild | 44 +++++++++++++++++++++++++++++++++++ app-misc/binwalk/binwalk-9999.ebuild | 2 ++ 3 files changed, 47 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4558bf8ff85642dc17177e81712644419e03be25 commit 4558bf8ff85642dc17177e81712644419e03be25 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-05-31 04:36:35 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-31 04:36:53 +0000 app-misc/binwalk: drop 2.3.3, 2.3.3-r1 Bug: https://bugs.gentoo.org/903652 Signed-off-by: John Helmert III <ajak@gentoo.org> app-misc/binwalk/Manifest | 1 - app-misc/binwalk/binwalk-2.3.3-r1.ebuild | 44 -------------------------------- app-misc/binwalk/binwalk-2.3.3.ebuild | 43 ------------------------------- 3 files changed, 88 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a522416d0d59ed1f4e1d69e41885666abf6d880a commit a522416d0d59ed1f4e1d69e41885666abf6d880a Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-17 06:32:11 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-17 06:33:22 +0000 [ GLSA 202309-07 ] Binwalk: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/820614 Bug: https://bugs.gentoo.org/903652 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202309-07.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+)