I got a response on https://github.com/docker-library/busybox/issues/101: - We strive to follow upstream releases and so don't really backport patches. Once there is a release available on https://busybox.net/, we'll publish a new image.
So, could a new release of BusyBox please be published? I'm guessing it would be 1.32.2? Is it better to file a ticket to the BusyBox Bug and Patch Tracking system to request the new release? -----Original Message----- From: Mousaw, Tim Sent: Wednesday, April 28, 2021 11:15 AM To: Peter Korsgaard <[email protected]> Cc: Christophe Leroy <[email protected]>; [email protected] Subject: RE: CVE-2021-28831 Thanks again for the quick reply. I don't know why I assumed the maintainers of BusyBox would also maintain the docker images published. I filed https://github.com/docker-library/busybox/issues/101 for the BusyBox docker image. Not sure if this will require a new release to be published in order to create the docker image. -----Original Message----- From: Peter Korsgaard <[email protected]> On Behalf Of Peter Korsgaard Sent: Wednesday, April 28, 2021 10:41 AM To: Mousaw, Tim <[email protected]> Cc: Christophe Leroy <[email protected]>; [email protected] Subject: Re: CVE-2021-28831 External email from: [email protected] >>>>> "Mousaw," == Mousaw, Tim <[email protected]> writes: > Thanks for the quick replies. > So, once this was merged, did the 1.32.1 image tag of the BusyBox > docker > image get rebuilt with it? From what I can tell, this is the > image tag > that gets pulled when the "latest" tag is used. Sorry, I have no idea who owns/builds that docker image, but given that this was added after 1.32.1 was tagged, I would NOT expect it to be included in a 1.32.1 build: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.buildroot.org%2Fbusybox%2Flog%2F%3Fh%3D1_32_stable&data=04%7C01%7Ctmousaw%40ptc.com%7Cc2a60ca920074470082f08d90a53b626%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C637552176929051043%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FSUYh4PrpHEwurAHFiVzSrZYN1lzyEzb711Sa4gXz8A%3D&reserved=0 -- Bye, Peter Korsgaard _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
