[PATCH] awk: fix use after free (CVE-2023-42363)
Natanael Copa
ncopa at alpinelinux.org
Tue May 21 05:43:03 UTC 2024
Hi again,
On Mon, 20 May 2024 22:52:44 +0200
Natanael Copa <ncopa at alpinelinux.org> wrote:
> On Mon, 20 May 2024 17:55:28 +0200
> Natanael Copa <ncopa at alpinelinux.org> wrote:
>
> > Fixes https://bugs.busybox.net/show_bug.cgi?id=15865
>
> I also found out that CVE-2023-42364 and CVE-2023-42365 are fixed with
> commit 0256e00a9d07 (awk: fix precedence of = relative to ==).
We discovered that this specific commit also breaks autotools test TAP output.
https://www.gnu.org/software/automake/manual/html_node/Use-TAP-with-the-Automake-test-harness.html
This was discovered when building https://lttng.org/files/lttng-ust/lttng-ust-2.13.8.tar.bz2
run: ./configure && make -j$(nproc) && make AWK="/path/to/busybox awk" check
Current git master awk is also broken.
-nc
>
> See: https://bugs.busybox.net/show_bug.cgi?id=15871#c5
>
> It would be nice if those two were backported to 1_36_stable.
>
> Thanks!
>
> -nc