[ubuntu/disco-proposed] busybox 1:1.27.2-2ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Mar 6 20:52:14 UTC 2019 

busybox (1:1.27.2-2ubuntu5) disco; urgency=medium

  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
      networking/wget.c.
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c.
    - CVE-2019-5747

Date: Wed, 06 Mar 2019 15:11:15 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-2ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 Mar 2019 15:11:15 -0500
Source: busybox
Architecture: source
Version: 1:1.27.2-2ubuntu5
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 busybox (1:1.27.2-2ubuntu5) disco; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow in wget
     - debian/patches/CVE-2018-1000517.patch: check chunk length in
       networking/wget.c.
     - CVE-2018-1000517
   * SECURITY UPDATE: out-of-bounds read in udhcp
     - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
       indeed 4-byte in networking/udhcp/common.*,
       networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
     - CVE-2018-20679
   * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
     - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
       it is 4 bytes long in networking/udhcp/common.*,
       networking/udhcp/dhcpc.c.
     - CVE-2019-5747
Checksums-Sha1:
 f306c000923294e6f744556a362f375dd53280c8 2409 busybox_1.27.2-2ubuntu5.dsc
 8fd1460ae5747ee727513dd8e2e460b8156b6fe6 67560 busybox_1.27.2-2ubuntu5.debian.tar.xz
 ae456b3fb3c6075a53da86b6868e4ed4054a526d 5600 busybox_1.27.2-2ubuntu5_source.buildinfo
Checksums-Sha256:
 a5cf478dff8602d1861dfe9826687aa8e47db772fe42ffba07d44b9650d5aef5 2409 busybox_1.27.2-2ubuntu5.dsc
 09750fd9131a0f25c15422599887754112bbd63fc65344a8619106d93af22b64 67560 busybox_1.27.2-2ubuntu5.debian.tar.xz
 e451779183ff1f8d787b4ec9749726ee5654f37ed359e66ab9b83f5c52f7a28d 5600 busybox_1.27.2-2ubuntu5_source.buildinfo
Files:
 77966d85bbf798b71c45272420bf4324 2409 utils optional busybox_1.27.2-2ubuntu5.dsc
 afec22cbd4e6ad8a1ef211956f4309f0 67560 utils optional busybox_1.27.2-2ubuntu5.debian.tar.xz
 4e9f0b3f6da47f617cf9571538703daf 5600 utils optional busybox_1.27.2-2ubuntu5_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlyAMokACgkQZWnYVadE
vpORbQ//fbMXvNmNvX3jtSZsy/saUksBMo6ShTaBxXccZ4n54YP4emj4DqBt9b5n
tLMeSaxzNmCCCwjUVRyLSlS6iKgJvEWCFQLbNiBdO6Sd1mag34114F8GPN0E1QJq
8ZUd0+BtIpj+qOWVeEJ6HM8EZsBtM74C5eRd16gz2GyVPcDR6Wlgo2Mr89BOyMi4
SnZlikDjyIU2nUNXNaqbq7M7Ko7zKk+EMx4pN+g5jHrXPP8uWSWqA+Ww0NqmTHFQ
majGvEdHmbpI6Cy8QOY4yvWV63Xj8xi2BWcY1pAvccQzarVEfiPyXIRjkCwZp1yR
wXY2lenAMwoxLIMQROu9NwMt3Uo+vAphchEJZO6jVqy8OgLrpWp4djMAIKrOlY5K
ppc0uN/9sJV4xhOyQL+B43VXcXPayV3TUTyaidf6yMCTF4R5P7PqrBwSJuM9PYQu
aBya7276yit0YomVulcvK30Tk1CIL/5aXlwpdBp0qm+rpw8PYo+yIdJDAQZ93gYZ
kCJhluqHmU9fYwKQrsRIzU/Vm8ZbnZtUCC972ePb8stEm2CtiDlfNfhyYpfVlyy0
wUZwlN0SibOj9AjyE7nV4XuMZOpgU1w8/37AZDIibUWUhhJmBn1J/G6oV9i3MRvG
mPM6dmkkLfeTmzPCjlAuEIdiPj0RIH2+i9By6WvpIeAIlLM6hK0=
=0fJj
-----END PGP SIGNATURE-----

More information about the Disco-changes mailing list