[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: RE: CVE-2021-28831
From: "Mousaw, Tim" <tmousaw () ptc ! com>
Date: 2021-04-28 16:47:14
Message-ID: MN2PR17MB367859E72F59780198E27C2CB4409 () MN2PR17MB3678 ! namprd17 ! prod ! outlook ! com
[Download RAW message or body]
I got a response on https://github.com/docker-library/busybox/issues/101:
- We strive to follow upstream releases and so don't really backport patches. Once \
there is a release available on https://busybox.net/, we'll publish a new image.
So, could a new release of BusyBox please be published? I'm guessing it would be \
1.32.2? Is it better to file a ticket to the BusyBox Bug and Patch Tracking system to \
request the new release?
-----Original Message-----
From: Mousaw, Tim
Sent: Wednesday, April 28, 2021 11:15 AM
To: Peter Korsgaard <peter@korsgaard.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>; busybox@busybox.net
Subject: RE: CVE-2021-28831
Thanks again for the quick reply. I don't know why I assumed the maintainers of \
BusyBox would also maintain the docker images published. I filed \
https://github.com/docker-library/busybox/issues/101 for the BusyBox docker image. \
Not sure if this will require a new release to be published in order to create the \
docker image.
-----Original Message-----
From: Peter Korsgaard <jacmet@gmail.com> On Behalf Of Peter Korsgaard
Sent: Wednesday, April 28, 2021 10:41 AM
To: Mousaw, Tim <tmousaw@ptc.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>; busybox@busybox.net
Subject: Re: CVE-2021-28831
External email from: jacmet@gmail.com
> > > > > "Mousaw," == Mousaw, Tim <tmousaw@ptc.com> writes:
> Thanks for the quick replies.
> So, once this was merged, did the 1.32.1 image tag of the BusyBox > docker image \
get rebuilt with it? From what I can tell, this is the > image tag that gets pulled \
when the "latest" tag is used.
Sorry, I have no idea who owns/builds that docker image, but given that this was \
added after 1.32.1 was tagged, I would NOT expect it to be included in a 1.32.1 \
build:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.buildroot.org%2F \
busybox%2Flog%2F%3Fh%3D1_32_stable&data=04%7C01%7Ctmousaw%40ptc.com%7Cc2a60ca92007 \
4470082f08d90a53b626%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C637552176929051043%7 \
CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0 \
%3D%7C1000&sdata=%2FSUYh4PrpHEwurAHFiVzSrZYN1lzyEzb711Sa4gXz8A%3D&reserved=0
--
Bye, Peter Korsgaard
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic