Your message dated Sun, 01 Feb 2026 17:05:45 +0000
with message-id <[email protected]>
and subject line Bug#1104009: fixed in busybox 1:1.37.0-9
has caused the Debian Bug report #1104009,
regarding busybox: CVE-2024-58251
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1104009: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104009
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: busybox
Version: 1:1.37.0-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.busybox.net/show_bug.cgi?id=15922
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for busybox.
CVE-2024-58251[0]:
| In netstat in BusyBox through 1.37.0, local users can launch of
| network application with an argv[0] containing an ANSI terminal
| escape sequence, leading to a denial of service (terminal locked up)
| when netstat is used by a victim.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-58251
https://www.cve.org/CVERecord?id=CVE-2024-58251
[1] https://bugs.busybox.net/show_bug.cgi?id=15922
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.37.0-9
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 01 Feb 2026 19:52:47 +0300
Source: busybox
Architecture: source
Version: 1:1.37.0-9
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1104009
Changes:
busybox (1:1.37.0-9) unstable; urgency=medium
.
* netstat-sanitize-argv0-for-p-CVE-2024-58251.patch (Closes: #1104009)
Checksums-Sha1:
ae9c1d709d24f614da03c08fba88c8daf907b6b0 2377 busybox_1.37.0-9.dsc
12a5116da4c07546b64f2d68d7ffa4ce55360bba 69040 busybox_1.37.0-9.debian.tar.xz
bae0aea6c9605e728c8c01ee5751d6a48b49f042 6058 busybox_1.37.0-9_source.buildinfo
Checksums-Sha256:
4c2416e8c8f4f2995ae49bd67cb490f80b8096d73766e93090822db66ee222a1 2377
busybox_1.37.0-9.dsc
dd8c6b00e834f6c2dee9126462a77e91f16b526cbd19b7add8eeb32ec4120d27 69040
busybox_1.37.0-9.debian.tar.xz
2e5599c46697e99d88d8016d07e4c2bd6e168c4ca48b59b7eb46feb13290c84f 6058
busybox_1.37.0-9_source.buildinfo
Files:
8171640d12d8e067b213631cc4a3191e 2377 utils optional busybox_1.37.0-9.dsc
4f69564e031e0eafebdcb147890f7ab0 69040 utils optional
busybox_1.37.0-9.debian.tar.xz
9509dfee67711d7c7963b2c491c53ebd 6058 utils optional
busybox_1.37.0-9_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpf4TvCRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmdplndTMp5enQhChiszSu05io8JhxGHrlfM06RppVKI
KRYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AAC1ng//W9hSQbaDusivBSbISlF/SRNg
sso+gecIAcIXfAoogUtDGbDlGSLRLZmvFTPp19m2JptLnHQANDrmvlGKizpEa3hj
5jd3j8qOr6x3MkzXDys09Dl+MhzSoUPDo9iYT1HC4Uc1B7Q/Oi7DcoMAWM5051ZG
cU9+OK84YZ377EcxS7K1ymZS9T4387fyFY42U1AErEvD/yR06QnmnLc6Qhoa9zEa
azkhJF7ViGcm1gtsLpt+tMhtQ0mtn0Jy7o+WSXPgD6aG7Y5pU4KSdL+FhDgSqZ4B
SJri2+8CfkFKRbWU/ntGR5E3yg2f8S/QsUbBWkvqLQyVz+1UDMS7oOW5U+8IkVu2
edoJ9N9GIQWuLotQSgEQok8dIeoBicJ0j3hUW3WcaU+BW+IQbk0ks7NpThorHXrM
3tRIww9KGfMuMm039y+PxTKDgkHq8uK8KSumctHqpcVV0OlK6FKLidEFS/YC/4PI
8elpQK1+IMuXi5k7eBMXwgIbZRdBSoRBoSH7djDkGMvbYnAB3tKer/StDwDllSjs
iOpq9iUQCLKcAeLf3qHRNyNPuviZ6vXTyIQB5CZ6rk099xE73JGfMDDwjJcep0mz
B27JGm8jW0J2whn3nz3x+EhMBQmewXwpvMPRpjah+7BgEHU2aNJ7+OXZ9Ly2WK8V
lwI/0I1rOh0LsgcG8Bk=
=p9+b
-----END PGP SIGNATURE-----
pgpWauvTK6suo.pgp
Description: PGP signature
--- End Message ---
