4a03d17172
The patches have been used by Alpine for 5 months now and they were posted on the Busybox mailing list mid-July with no review or comment. According to Ariadne Conill[1] - though NVD CVSS 3.x Base Score seems to disagree - this has a low security impact so we could probably just wait for upstream to merge the patches or implement it the way they want. Considering those patches have been public for 5 months and upstream hasn't acted until now, let's take the patches from the mailing list anyway as there's no indication the CVEs will be fixed upstream soon. [1] https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 Cc: Quentin Schulz <foss+buildroot@0leil.net> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
|---|---|---|
| .. | ||
| 0001-networking-libiproute-use-linux-if_packet.h-instead-.patch | ||
| 0002-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch | ||
| 0003-awk-fix-use-after-free-CVE-2022-30065.patch | ||
| 0004-libbb-sockaddr2str-ensure-only-printable-characters-.patch | ||
| 0005-nslookup-sanitize-all-printed-strings-with-printable.patch | ||
| busybox-minimal.config | ||
| busybox.config | ||
| busybox.hash | ||
| busybox.mk | ||
| Config.in | ||
| inittab | ||
| mdev.conf | ||
| S01syslogd | ||
| S02klogd | ||
| S02sysctl | ||
| S10mdev | ||
| S15watchdog | ||
| S50telnet | ||
| telnetd.service | ||
| udhcpc.script | ||