Hi Tim,

On 28/04/2021 at 14:30, Mousaw, Tim wrote:
I’m not sure if this is the correct place to make this inquiry, so if this is the wrong place, I apologize in advance.

I am trying to understand how a particular commit will make it into an official release of BusyBox. The commit f25d254dfd4243698c31a4f3153d4ac72aa9e9bd <https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd> fixes security vulnerability CVE-2021-28831 <https://nvd.nist.gov/vuln/detail/CVE-2021-28831>. However, this change has yet to make it into an official (preferably stable) release. My company has pretty strict security guidelines that require any identified vulnerability over a CVSS 4.0 to be fixed within 90 days or we need to obtain a security exception. In this case, BusyBox is being pulled in by the Graphite Exporter docker image for our Cloud deployment. So, the commit needs to become available to be pulled into the Graphite Exporter docker image.

As far as I can see, that commit is in 1_32_stable

See https://git.busybox.net/busybox/commit/?h=1_32_stable

Christophe
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
