[ubuntu/cosmic-proposed] busybox 1:1.27.2-2ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jul 9 14:39:16 UTC 2018 

busybox (1:1.27.2-2ubuntu4) cosmic; urgency=medium

  * Fix symlink handling (LP: #1753572)
    - debian/patches/CVE-2011-5325-2.patch: re-enable patch.
    - debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.

Date: Mon, 09 Jul 2018 10:25:24 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-2ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Jul 2018 10:25:24 -0400
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-2ubuntu4
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 busybox    - Tiny utilities for small and embedded systems
 busybox-initramfs - Standalone shell setup for initramfs
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Launchpad-Bugs-Fixed: 1753572
Changes:
 busybox (1:1.27.2-2ubuntu4) cosmic; urgency=medium
 .
   * Fix symlink handling (LP: #1753572)
     - debian/patches/CVE-2011-5325-2.patch: re-enable patch.
     - debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
       with "suspicious" targets in archival/libarchive/data_extract_all.c,
       archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
       include/bb_archive.h, testsuite/tar.tests.
     - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
       the same way tar/unzip does in archival/cpio.c.
     - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
       archival/libarchive/get_header_ar.c.
Checksums-Sha1:
 70adf0e3f13f0f57de71441e04db7d29742a33fd 2409 busybox_1.27.2-2ubuntu4.dsc
 a0582a6274b1f9953ec55b23e0894f8af7f44c54 65052 busybox_1.27.2-2ubuntu4.debian.tar.xz
 9a4637a6f4cd514ebb7e3576b117b92e0e9ec696 5632 busybox_1.27.2-2ubuntu4_source.buildinfo
Checksums-Sha256:
 0171efb062eb5e81a5d73b1e0b20739219daf6054fc005b10c92bf80a55d64d0 2409 busybox_1.27.2-2ubuntu4.dsc
 fb540ee568f9baa9bdcc472788852fba853b2f2a2cf7176b2d741f842759da1d 65052 busybox_1.27.2-2ubuntu4.debian.tar.xz
 3a0a0e73059c32a7551d8a3783896c9a719db847ad1629456fc11eb928b3f080 5632 busybox_1.27.2-2ubuntu4_source.buildinfo
Files:
 951d3151a698f1b4055bdb916a254785 2409 utils optional busybox_1.27.2-2ubuntu4.dsc
 cbc1ef026c98d8becb3487730c65ca43 65052 utils optional busybox_1.27.2-2ubuntu4.debian.tar.xz
 397135382c846c88d25b476e7f2b4fba 5632 utils optional busybox_1.27.2-2ubuntu4_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAltDcw8ACgkQZWnYVadE
vpNjORAAsTL1SHLowLSDGeX9cZs62kkZvIW9sABD7FP6ViKYdr1RSrJsnYqyh7Ir
74tZIae+YDjTdL6wxmwwJvK7OdVfDSBO8hNEon/j5rmaRA0bWii0kb9yjAOqLuLf
HWVouRGiVdeFrbh0rxvYqCBzuYQtiADxfTMitrlxm6bvbKSNo+bHas39WC58fO+M
VAKPRY0jJUtd8HcTovzpMzo1Wrmi6SsxARRm+VnS2CZaMwi7BgvKE1H0rYs9kU9I
rtQNHaRxz4VjqM3XC1Sq7GxKDc98lc4dhgPIjLcXrRfvPDXmUQ2673ksT0VyR8WE
I2VI2rq1yf2JqWA666aqxBJxhpjez/oCK/BXrnR0Wy2FNpEE3au/JN1EvnAcS1Uk
LS8G6MpqWEiDdzgsrsMdbarT6OmD0XpDBCul3uVViBA7lFmnVj1dvdXFp2shzJdH
P5lOXM7EAegrLX2sBfJWS0RIQ/0xppVhsaaPjVQ21DQkA7EsEDjwjEMViAGx3Xe1
O5Yjc4p0y7QMfQJJG9qnQKTbL9nJ9t1jAG/riG+1YG2YID/756yxG1QT/GlLR9Te
KiSDsOfIWtzwttIKoEtppX6FRBcsr6XQzijDigXUisFqcRl9zNye3Yg0AMIL7o7R
LRw8A75h+nLj/ioSoFsehffuWIGpm9sCwz3o1FB/UF334922CsU=
=Kwc9
-----END PGP SIGNATURE-----

More information about the Cosmic-changes mailing list