[PATCH 1_19_stable 0/2] backport CVE-2011-2716 fixes
Natanael Copa
natanael.copa at gmail.com
Fri Aug 31 09:35:19 UTC 2012
Hi,

When trying to fix the CVE-2011-2716 security issue for Alpine Linux I
found out 2 things:

1) The fix found when googling for a patch introduced a regression. The
fix for that regression was only found after a while.

2) Not everybody seems to be able to backport patches properly. I found
a backport for Mageia that looks wrong (last hunk looks wrong. It should
append OPTION_STRING_HOST, not replace OPTION_STRING):
http://svnweb.mageia.org/packages/cauldron/busybox/current/SOURCES/busybox-1.19.3-CVE-2011-2716.patch?revision=269305&view=co&pathrev=269305

Since this is a security issue, I suggest that we backport those patches for
1_19_stable and maybe also merge them to a patch that is uploaded to
fixes-1.19.4.

Thanks!

Denys Vlasenko (2):
udhcpc: sanitize hostnames in incoming packets. Closes 3979.
udhcpc: fix improper size calculation for OPTION_STRING_HOST
networking/udhcp/common.c | 14 +++++++----
networking/udhcp/common.h | 3 +++
networking/udhcp/dhcpc.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 74 insertions(+), 5 deletions(-)
--
1.7.12