kumquat-buildroot/package/busybox
Quentin Schulz 4a03d17172 package/busybox: fix CVE-2022-28391
The patches have been used by Alpine for 5 months now and they were
posted on the Busybox mailing list mid-July with no review or comment.

According to Ariadne Conill[1] - though NVD CVSS 3.x Base Score seems to
disagree - this has a low security impact so we could probably just wait
for upstream to merge the patches or implement it the way they want.

Considering those patches have been public for 5 months and upstream
hasn't acted until now, let's take the patches from the mailing list
anyway as there's no indication the CVEs will be fixed upstream soon.

[1] https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661

Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-09-19 21:34:41 +02:00
..
0001-networking-libiproute-use-linux-if_packet.h-instead-.patch
0002-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch
0003-awk-fix-use-after-free-CVE-2022-30065.patch
0004-libbb-sockaddr2str-ensure-only-printable-characters-.patch package/busybox: fix CVE-2022-28391 2022-09-19 21:34:41 +02:00
0005-nslookup-sanitize-all-printed-strings-with-printable.patch package/busybox: fix CVE-2022-28391 2022-09-19 21:34:41 +02:00
busybox-minimal.config
busybox.config
busybox.hash
busybox.mk package/busybox: fix CVE-2022-28391 2022-09-19 21:34:41 +02:00
Config.in
inittab
mdev.conf
S01syslogd
S02klogd
S02sysctl
S10mdev
S15watchdog
S50telnet
telnetd.service
udhcpc.script