List: busybox
Subject: [PATCH 1_19_stable 0/2] backport CVE-2011-2716 fixes
From: Natanael Copa <natanael.copa () gmail ! com>
Date: 2012-08-31 9:35:19
Message-ID: 1346405721-7045-1-git-send-email-ncopa () alpinelinux ! org

Hi,

When trying to fix the CVE-2011-2716 security issue for Alpine Linux I
found out 2 things:

1) the fix found when googling for a patch introduced a regression. The
fix for that regression was only found after a while.

2) Not everybody seems to be able to backport patches properly. I found
a backport for mageia that looks wrong (last hunk looks wrong. It should
append OPTION_STRING_HOST, not replace OPTION_STRING):
http://svnweb.mageia.org/packages/cauldron/busybox/current/SOURCES/busybox-1.19.3-CVE-2011-2716.patch?revision=269305&view=co&pathrev=269305

Since this is a security issue, I suggest that we backport those patches for
1_19_stable and maybe also merge them to a patch that is uploaded to
fixes-1.19.4.

Thanks!

Denys Vlasenko (2):
  udhcpc: sanitize hostnames in incoming packets. Closes 3979.
  udhcpc: fix improper size calculation for OPTION_STRING_HOST

 networking/udhcp/common.c | 14 +++++++----
 networking/udhcp/common.h |  3 +++
 networking/udhcp/dhcpc.c  | 62 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 5 deletions(-)

--
1.7.12
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox