[ubuntu/jammy-proposed] busybox 1:1.30.1-7ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Nov 25 12:00:14 UTC 2021


busybox (1:1.30.1-7ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: invalid free or segfault via gzip data
    - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
      archival/libarchive/decompress_gunzip.c.
    - CVE-2021-28831
  * SECURITY UPDATE: OOB read in unlzma
    - debian/patches/CVE-2021-42374.patch: fix a case where we could read
      before beginning of buffer in archival/libarchive/decompress_unlzma.c,
      testsuite/unlzma.tests.
    - CVE-2021-42374
  * SECURITY UPDATE: multiple security issues in awk
    - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
      busybox 1.34.1.
    - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
      CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

Date: Wed, 24 Nov 2021 14:52:59 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.30.1-7ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 24 Nov 2021 14:52:59 -0500
Source: busybox
Built-For-Profiles: noudeb
Architecture: source
Version: 1:1.30.1-7ubuntu2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 busybox (1:1.30.1-7ubuntu2) jammy; urgency=medium
 .
   * SECURITY UPDATE: invalid free or segfault via gzip data
     - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
       archival/libarchive/decompress_gunzip.c.
     - CVE-2021-28831
   * SECURITY UPDATE: OOB read in unlzma
     - debian/patches/CVE-2021-42374.patch: fix a case where we could read
       before beginning of buffer in archival/libarchive/decompress_unlzma.c,
       testsuite/unlzma.tests.
     - CVE-2021-42374
   * SECURITY UPDATE: multiple security issues in awk
     - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
       busybox 1.34.1.
     - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
       CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
Checksums-Sha1:
 76e1205281837c365593375cbae3cd33f4574846 2415 busybox_1.30.1-7ubuntu2.dsc
 8ee9b7d9cd33754325357d9f111e65caa372ef4d 68592 busybox_1.30.1-7ubuntu2.debian.tar.xz
 9b9023ca8a97b6713f7ea655db9a8df3b3d2a519 6213 busybox_1.30.1-7ubuntu2_source.buildinfo
Checksums-Sha256:
 120efbdb8ef76f486ca8a8f0ac1551fb9080a9869918353dadfddc5c33a0e4c6 2415 busybox_1.30.1-7ubuntu2.dsc
 add0b6635bc2be58fde09ebfae4ed952d06858965181827c9418bcb310f090a4 68592 busybox_1.30.1-7ubuntu2.debian.tar.xz
 368cf71fe75300994d8b4a59f28a4a49c4e8b2abebdf39b7d41bea6077a9fe19 6213 busybox_1.30.1-7ubuntu2_source.buildinfo
Files:
 08a39c0564ec514e1357801bc0f68549 2415 utils optional busybox_1.30.1-7ubuntu2.dsc
 31eb5ce296e127a89ebb21724dbbd24b 68592 utils optional busybox_1.30.1-7ubuntu2.debian.tar.xz
 bd4a4f8cefeae52a0d98d10fec092234 6213 utils optional busybox_1.30.1-7ubuntu2_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>


More information about the jammy-changes mailing list