forked from pool/busybox
Accepting request 946141 from home:radolin:branches:Base:System
- Update to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes OBS-URL: https://build.opensuse.org/request/show/946141 OBS-URL: https://build.opensuse.org/package/show/Base:System/busybox?expand=0&rev=97
This commit is contained in:
parent
5cd72e80f4
commit
d97fbe74ba
@ -4,6 +4,28 @@ Wed Jan 12 15:40:40 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
|
|||||||
- Update to 1.35.0
|
- Update to 1.35.0
|
||||||
- Adjust busybox.config for new features in find, date and cpio
|
- Adjust busybox.config for new features in find, date and cpio
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 6 06:37:24 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
|
||||||
|
|
||||||
|
- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
|
||||||
|
* CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
|
||||||
|
* CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
|
||||||
|
* CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
|
||||||
|
* CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
|
||||||
|
* CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
|
||||||
|
* CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
|
||||||
|
* CVE-2017-15874 (bsc#1064976): archival/libarchive/decompress_unlzma.c has an Integer Underflow
|
||||||
|
* CVE-2019-5747 (bsc#1064976): out of bounds read in udhcp components
|
||||||
|
* CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
|
||||||
|
CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
|
||||||
|
CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
|
||||||
|
CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
|
||||||
|
- CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
|
||||||
|
- CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
|
||||||
|
- CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data()
|
||||||
|
- CVE-2011-5325 (bsc#951562): tar directory traversal
|
||||||
|
- CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Oct 30 09:03:16 UTC 2021 - Stephan Kulow <coolo@suse.com>
|
Sat Oct 30 09:03:16 UTC 2021 - Stephan Kulow <coolo@suse.com>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user