Control: tags -1 + fixed-upstream

On Fri, Nov 03, 2023 at 08:26:28PM +0100, Moritz Mühlenhoff wrote:
> Source: busybox
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
> 
> Hi,
> 
> The following vulnerability was published for busybox.
> 
> CVE-2023-39810[0]:
> | An issue in the CPIO command of Busybox v1.33.2 allows attackers to
> | execute a directory traversal.
> 
> https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2023-39810
>     https://www.cve.org/CVERecord?id=CVE-2023-39810
> 
> Please adjust the affected versions in the BTS as needed.

FTR, this one has now a commit upstream as:
https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3

Regards,
Salvatore

Reply via email to