Debian Bug report logs -
#999567
busybox: CVE-2021-42373 through CVE-2021-42386 (fixed in 1.34)
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Install System Team <debian-boot@lists.debian.org>
:
Bug#999567
; Package busybox
.
(Fri, 12 Nov 2021 15:57:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Diederik de Haas <didi.debian@cknow.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Install System Team <debian-boot@lists.debian.org>
.
(Fri, 12 Nov 2021 15:57:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: busybox
Version: 1:1.30.1-7+b1
Severity: important
Tags: security upstream fixed-upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
https://security-tracker.debian.org/tracker/source-package/busybox
already shows them. I learned it through
https://thehackernews.com/2021/11/14-new-security-flaws-found-in-busybox.html
which indicates they have all been fixed in version 1.34, but upstream
also has 1.34.1.
This is also a request for a new upstream version, but due to the
security fixes, I made the severity 'important' like bug #985674.
Cheers,
Diederik
- -- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64
Kernel: Linux 5.14.0-4-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages busybox depends on:
ii libc6 2.32-4
busybox recommends no packages.
busybox suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCYY6OFQAKCRDXblvOeH7b
biIrAQDEY0MCuFS7FFhp6ivPG7/BMf/yL8WuQRnVQrvV4mbi2wD+P8hajCNFE++6
fpBcTvu8uNnwWPBeUtRIdWpPBTXNcQk=
=tqra
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Nov 17 08:50:59 2021;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.