[ubuntu/bionic-proposed] busybox 1:1.27.2-2ubuntu3.1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Feb 8 23:07:28 UTC 2019
busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium
* Fix symlink handling (LP: #1753572)
- debian/patches/CVE-2011-5325-2.patch: re-enable patch.
- debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
with "suspicious" targets in archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
include/bb_archive.h, testsuite/tar.tests.
- debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
the same way tar/unzip does in archival/cpio.c.
- debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
archival/libarchive/get_header_ar.c.
Date: Thu, 17 Jan 2019 13:16:38 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-2ubuntu3.1
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Jan 2019 13:16:38 -0500
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-2ubuntu3.1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
busybox - Tiny utilities for small and embedded systems
busybox-initramfs - Standalone shell setup for initramfs
busybox-static - Standalone rescue shell with tons of builtin utilities
busybox-syslogd - Provides syslogd and klogd using busybox
busybox-udeb - Tiny utilities for the debian-installer (udeb)
udhcpc - Provides the busybox DHCP client implementation
udhcpd - Provides the busybox DHCP server implementation
Launchpad-Bugs-Fixed: 1753572
Changes:
busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium
.
* Fix symlink handling (LP: #1753572)
- debian/patches/CVE-2011-5325-2.patch: re-enable patch.
- debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
with "suspicious" targets in archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
include/bb_archive.h, testsuite/tar.tests.
- debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
the same way tar/unzip does in archival/cpio.c.
- debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
archival/libarchive/get_header_ar.c.
Checksums-Sha1:
9fb96663a1980938056cdbded1b67d4f8658003f 2417 busybox_1.27.2-2ubuntu3.1.dsc
05da04d2c1e1485bca73cafbb48f83d8a480f4bb 65080 busybox_1.27.2-2ubuntu3.1.debian.tar.xz
4e05f78eca3fc732f76eda0d06df76939549106f 5884 busybox_1.27.2-2ubuntu3.1_source.buildinfo
Checksums-Sha256:
2bd9ec47014177dab6700db10d4c3fa6d7a80383193ca68a4969626f9985bdce 2417 busybox_1.27.2-2ubuntu3.1.dsc
eb05d6ff9407d32480eeb6c48ed0019f81c791bd363f2c1dcf745fe1d124fea9 65080 busybox_1.27.2-2ubuntu3.1.debian.tar.xz
74d6eaeb4950a040114fb67ddb9d080cf93fd2b31828fd7186a801ddd7a4abfc 5884 busybox_1.27.2-2ubuntu3.1_source.buildinfo
Files:
491f0403efaab258cebe0458a61d7a3e 2417 utils optional busybox_1.27.2-2ubuntu3.1.dsc
2da94515fec221a2bd2623a076c5883c 65080 utils optional busybox_1.27.2-2ubuntu3.1.debian.tar.xz
fe1c8f3ef8af27eba70651d233b11f6a 5884 utils optional busybox_1.27.2-2ubuntu3.1_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>
More information about the Bionic-changes
mailing list