This bug was fixed in the package busybox - 1:1.36.1-9ubuntu1

---------------
busybox (1:1.36.1-9ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2074188). Remaining changes:
    - Add busybox-initramfs binary package and initramfs flavour:
      - Add dirname from coreutils to the initramfs
      - Enable the new klibc utility implementations, nuke and run-init in
        the initramfs package; and also enable reboot. Doesn't yet make
        klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount -
        but it moves us much closer and should save a little bit of disk space.
      - Enable TLS in initramfs flavour of wget applet, requires openssl
      - debian/config/pkg/initramfs: Enable the date applet with the same
        options as the other variants for use in fixrtc and casper scripts.
      - Prefer busybox cmds over klibc cmds where there is duplication.
      - Move zz-busybox to busybox-initramfs to ensure we get links to all
        the tools we need, stop shipping it anywhere else.
      - d/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
        Copy certs and openssl config for the casper+busybox-initramfs case.
    - Add Ubuntu configuration for busybox binaries.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - d/config/pkg/{deb,static}: Enable chpasswd (needed by LXC).
    - SECURITY UPDATE: stack overflow in ash
      - debian/patches/CVE-2022-48174.patch: error out on number followed
        by another number or variable name in shell/math.c.
      - CVE-2022-48174
    - SECURITY UPDATE: use after free in awk
      - debian/patches/CVE-2023-42364.patch: fix precedence of = relative
        to == in editors/awk.c.
      - debian/patches/fix-awk-assignment-precedence.patch: restore
        assignment precedence to be lower than ternary ?: in editors/awk.c.
      - CVE-2023-42364, CVE-2023-42365
    - SECURITY UPDATE: use after free in awk
      - debian/patches/CVE-2023-42363.patch: get L.s after R.v is evaluated
        in editors/awk.c.
      - CVE-2023-42363
  * Dropped changes:
    - Drop d/p/reverse-cbq.patch: Re-instate defines from removed kernel
      headers

busybox (1:1.36.1-9) unstable; urgency=medium

  * platform-linux.diff: udhcpc6 also depends on PLATFORM_LINUX
    (fixes ftbfs on hurd)

busybox (1:1.36.1-8) unstable; urgency=medium

  * busybox-1.36.1-no-cbq.patch to disable CBQ which is dropped from
    kernel in 6.8 (Closes: #1071648)

busybox (1:1.36.1-7) unstable; urgency=medium

  * udeb: remove all modutils (kmod-udeb provides better alternatives)
    (Closes: #1060134)
  * deb, static, udeb: provide install applet (Closes: #1069864)
  * udhcpc/default.script: recognize $search dhcp parameter too,
    in addition to $domain (and simplify these parts a bit)

 -- Ravi Kant Sharma <ravi.kant.sha...@canonical.com> Thu, 15 Aug 2024 14:29:03 +0200

** Changed in: busybox (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48174

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-42363

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-42364

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-42365

https://bugs.launchpad.net/bugs/2074188

Title:
  Please merge busybox 1:1.36.1-9 into oracular

Status in busybox package in Ubuntu:
  Fix Released

Bug description:
  tracking bug