[ubuntu/bionic-proposed] busybox 1:1.27.2-2ubuntu3.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Feb 8 23:07:28 UTC 2019


busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium

  * Fix symlink handling (LP: #1753572)
    - debian/patches/CVE-2011-5325-2.patch: re-enable patch.
    - debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.

Date: Thu, 17 Jan 2019 13:16:38 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-2ubuntu3.1
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Jan 2019 13:16:38 -0500
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-2ubuntu3.1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 busybox    - Tiny utilities for small and embedded systems
 busybox-initramfs - Standalone shell setup for initramfs
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Launchpad-Bugs-Fixed: 1753572
Changes:
 busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium
 .
   * Fix symlink handling (LP: #1753572)
     - debian/patches/CVE-2011-5325-2.patch: re-enable patch.
     - debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
       with "suspicious" targets in archival/libarchive/data_extract_all.c,
       archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
       include/bb_archive.h, testsuite/tar.tests.
     - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
       the same way tar/unzip does in archival/cpio.c.
     - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
       archival/libarchive/get_header_ar.c.
Checksums-Sha1:
 9fb96663a1980938056cdbded1b67d4f8658003f 2417 busybox_1.27.2-2ubuntu3.1.dsc
 05da04d2c1e1485bca73cafbb48f83d8a480f4bb 65080 busybox_1.27.2-2ubuntu3.1.debian.tar.xz
 4e05f78eca3fc732f76eda0d06df76939549106f 5884 busybox_1.27.2-2ubuntu3.1_source.buildinfo
Checksums-Sha256:
 2bd9ec47014177dab6700db10d4c3fa6d7a80383193ca68a4969626f9985bdce 2417 busybox_1.27.2-2ubuntu3.1.dsc
 eb05d6ff9407d32480eeb6c48ed0019f81c791bd363f2c1dcf745fe1d124fea9 65080 busybox_1.27.2-2ubuntu3.1.debian.tar.xz
 74d6eaeb4950a040114fb67ddb9d080cf93fd2b31828fd7186a801ddd7a4abfc 5884 busybox_1.27.2-2ubuntu3.1_source.buildinfo
Files:
 491f0403efaab258cebe0458a61d7a3e 2417 utils optional busybox_1.27.2-2ubuntu3.1.dsc
 2da94515fec221a2bd2623a076c5883c 65080 utils optional busybox_1.27.2-2ubuntu3.1.debian.tar.xz
 fe1c8f3ef8af27eba70651d233b11f6a 5884 utils optional busybox_1.27.2-2ubuntu3.1_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>


More information about the Bionic-changes mailing list