[ubuntu/jammy-proposed] busybox 1:1.30.1-7ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Nov 25 12:00:14 UTC 2021
busybox (1:1.30.1-7ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: invalid free or segfault via gzip data
- debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
archival/libarchive/decompress_gunzip.c.
- CVE-2021-28831
* SECURITY UPDATE: OOB read in unlzma
- debian/patches/CVE-2021-42374.patch: fix a case where we could read
before beginning of buffer in archival/libarchive/decompress_unlzma.c,
testsuite/unlzma.tests.
- CVE-2021-42374
* SECURITY UPDATE: multiple security issues in awk
- debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
busybox 1.34.1.
- CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
Date: Wed, 24 Nov 2021 14:52:59 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.30.1-7ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 24 Nov 2021 14:52:59 -0500
Source: busybox
Built-For-Profiles: noudeb
Architecture: source
Version: 1:1.30.1-7ubuntu2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
busybox (1:1.30.1-7ubuntu2) jammy; urgency=medium
.
* SECURITY UPDATE: invalid free or segfault via gzip data
- debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
archival/libarchive/decompress_gunzip.c.
- CVE-2021-28831
* SECURITY UPDATE: OOB read in unlzma
- debian/patches/CVE-2021-42374.patch: fix a case where we could read
before beginning of buffer in archival/libarchive/decompress_unlzma.c,
testsuite/unlzma.tests.
- CVE-2021-42374
* SECURITY UPDATE: multiple security issues in awk
- debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
busybox 1.34.1.
- CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
Checksums-Sha1:
76e1205281837c365593375cbae3cd33f4574846 2415 busybox_1.30.1-7ubuntu2.dsc
8ee9b7d9cd33754325357d9f111e65caa372ef4d 68592 busybox_1.30.1-7ubuntu2.debian.tar.xz
9b9023ca8a97b6713f7ea655db9a8df3b3d2a519 6213 busybox_1.30.1-7ubuntu2_source.buildinfo
Checksums-Sha256:
120efbdb8ef76f486ca8a8f0ac1551fb9080a9869918353dadfddc5c33a0e4c6 2415 busybox_1.30.1-7ubuntu2.dsc
add0b6635bc2be58fde09ebfae4ed952d06858965181827c9418bcb310f090a4 68592 busybox_1.30.1-7ubuntu2.debian.tar.xz
368cf71fe75300994d8b4a59f28a4a49c4e8b2abebdf39b7d41bea6077a9fe19 6213 busybox_1.30.1-7ubuntu2_source.buildinfo
Files:
08a39c0564ec514e1357801bc0f68549 2415 utils optional busybox_1.30.1-7ubuntu2.dsc
31eb5ce296e127a89ebb21724dbbd24b 68592 utils optional busybox_1.30.1-7ubuntu2.debian.tar.xz
bd4a4f8cefeae52a0d98d10fec092234 6213 utils optional busybox_1.30.1-7ubuntu2_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>
More information about the jammy-changes
mailing list