On Thu, 11 Nov 2021 12:33:28 +0000 xiechengliang <[email protected]> wrote:
> I asked one of the disclosers of these vulnerabilities by email, he gave me
> the following results.
>
> CVE               fix
> CVE-2021-42373    commit 4d4fc5ca5ee4f (man: fix segfault in "man 1")
> CVE-2021-42374    commit 04f052c56ded (unlzma: fix a case where
>                   we could read before beginning of buffer)
> CVE-2021-42375    commit 53a7a9cd8c15 (ash: parser: Fix VSLENGTH parsing
>                   with trailing garbage)

This confirms my own investigation of CVE-2021-42375, thanks!

> CVE-2021-42376    commit 1b7a9b68d0e9 (hush: fix handling of \^C and "^C")
> CVE-2021-42377    commit 83a4967e5042 (hush: fix handling of "cmd && &")
>
> CVE-2021-42378-- CVE-2021-42386, For the CVE related to the awk, he
> also doesn't know which patch is for each CVE.

Yeah, the above were the "easy" ones. awk seems significantly more
difficult to find a correct match.

> The following is part of the original text of his email:
> " BusyBox maintainers fixed our reported issues across multiple
> commits, especially for the awk utility, so it's not straight forward
> to find all of the fix commits easily."
>
> Can anyone point out the repair commit of awk related CVE ?

+1

-nc
