Control: tags -1 + fixed-upstream

On Fri, Nov 03, 2023 at 08:26:28PM +0100, Moritz Mühlenhoff wrote:
> Source: busybox
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for busybox.
>
> CVE-2023-39810[0]:
> | An issue in the CPIO command of Busybox v1.33.2 allows attackers to
> | execute a directory traversal.
>
> https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-39810
>     https://www.cve.org/CVERecord?id=CVE-2023-39810
>
> Please adjust the affected versions in the BTS as needed.

FTR, this one has now a commit upstream as:
https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3

Regards,
Salvatore