Support required to fix for vulnerable component in busybox

Radoslav Kolev radoslav.kolev at suse.com
Tue Jun 21 06:47:21 UTC 2022


On 6/17/22 4:51 PM, Ulrich Eckhardt wrote:
> That version is pretty old, so I'd upgrade. Also, which
> vulnerability exactly are you referring to, is it already known and
> perhaps patched in the latest version?

Sometimes major version upgrades are not feasible, so patches have to be 
backported.

In such cases it would be extremely useful to mention the related CVEs 
in the commit message when a commit fixes a security issue. 
Unfortunately that's quite rarely seen in the busybox git repo and I, 
for one will be thankful to any busybox developer who chooses to do so.

BR,
Radoslav


More information about the busybox mailing list