Support required to fix for vulnerable component in busybox
Radoslav Kolev
radoslav.kolev at suse.com
Tue Jun 21 06:47:21 UTC 2022
On 6/17/22 4:51 PM, Ulrich Eckhardt wrote:
> That version is pretty old, so I'd upgrade. Also, which
> vulnerability exactly are you referring to, is it already known and
> perhaps patched in the latest version?
Sometimes major version upgrades are not feasible, so patches have to be
backported.
In such cases it would be extremely useful to mention the related CVEs
in the commit message when a commit fixes a security issue.
Unfortunately that's quite rarely seen in the busybox git repo and I,
for one will be thankful to any busybox developer who chooses to do so.
BR,
Radoslav
More information about the busybox
mailing list