This bug was fixed in the package busybox - 1:1.37.0-4ubuntu1
---------------
busybox (1:1.37.0-4ubuntu1) plucky; urgency=medium
* Merge with Debian unstable (LP: #2090999). Remaining changes:
- Add busybox-initramfs binary package and initramfs flavour:
- Add dirname from coreutils to the initramfs
- Enable the new klibc utility implementations, nuke and run-init
in the initramfs package; and also enable reboot. Doesn't yet make
klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
- but it moves us much closer and should save a little bit of disk
space.
- Enable TLS in initramfs flavour of wget applet, requires openssl
- debian/config/pkg/initramfs: Enable the date applet with the same
options as the other variants for use in fixrtc and casper scripts.
- Prefer busybox cmds over klibc cmds where there is duplication.
- Move zz-busybox to busybox-initramfs to ensure we get links to all
the tools we need, stop shipping it anywhere else.
- d/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
Copy certs and openssl config for the casper+busybox-initramfs case.
- Add Ubuntu configuration for busybox binaries.
- test-bin.patch: Move test and friends to /bin.
- static-sh-alias.patch: Add static-sh alias name for ash, and install
/bin/static-sh symlink to busybox in busybox-static.
- d/config/pkg/{deb,static}: Enable chpasswd (needed by LXC).
* Patches merged upstream, dropping:
- CVE-2023-42364.patch
- CVE-2022-48174.patch
- CVE-2023-42363.patch
- fix-awk-assignment-precedence.patch
busybox (1:1.37.0-4) unstable; urgency=medium
* d/control: use Static-Built-Using for busybox-static, not Built-Using
* fix-od-and-hexdump-tests-on-big-endian-hosts.patch: v2
(implement it a bit differently, fix bug in v1)
busybox (1:1.37.0-3) unstable; urgency=medium
* d/patches: +fix-od-and-hexdump-tests-on-big-endian-hosts.patch
to fix tests failure on big-endian hosts
busybox (1:1.37.0-2) unstable; urgency=medium
* libbb-sha-add-missing-sha-NI-guard.patch - fix ftbfs on !x86
busybox (1:1.37.0-1) unstable; urgency=medium
* new upstream release 1.37.0
Closes: CVE-2021-42380 (awk use-after-realloc)
Cloese: CVE-2023-42363 (awk use-after-free)
* d/patches/: refresh platform-linux.diff and version.patch
* d/patches/: remove:
- install-fix-chown-resetting-suid-sgid-bits-from-chmod.patch
- syslogd-daemonize-after-init-make-errs-visible.patch
- syslogd-decrease-stack-usage-50-bytes.patch
- syslogd-fix-breakage-caused-by-daemonize-_after_-ini.patch
* d/config/pkg/*: update configs:
- enable time64
- enable find exec-ok for regular and static builds
- enable getfattr for regular and static builds
- enable ip-link-can for regular and static builds
- enable feature udhcpd bootp
-- Ravi Kant Sharma <ravi.kant.sha...@canonical.com> Thu, 05 Dec 2024
17:59:07 +0100
** Changed in: busybox (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42380
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48174
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-42363
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-42364
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2090999
Title:
Please merge busybox 1:1.37.0-4 into plucky
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/2090999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
