[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: [PATCH 0/2] Fix CVE-2022-28391
From: Radoslav Kolev <radoslav.kolev () suse ! com>
Date: 2022-07-19 15:53:30
Message-ID: 20220719155332.18440-1-radoslav.kolev () suse ! com
[Download RAW message or body]
The following two patches fix CVE-2022-2839 preventing netstat,
traceroute and nslookup from sending escape sequences to the terminal.
Note that the problem is only reproducible when using musl libc, but
not with glibc.
More information can be found at:
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
Ariadne Conill (2):
libbb: sockaddr2str: ensure only printable characters are returned for
the hostname part
nslookup: sanitize all printed strings with printable_string
libbb/xconnect.c | 5 +++--
networking/nslookup.c | 10 +++++-----
2 files changed, 8 insertions(+), 7 deletions(-)
--
2.26.2
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic