On 4/24/25 7:57 PM, Solar Designer wrote:
> On Thu, Apr 24, 2025 at 07:09:44PM -0400, Demi Marie Obenour wrote:
>> On 4/24/25 3:09 AM, Albert Veli wrote:
>>> On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso
>>> wrote:
FTR, this one has assigned CVE-2025-46394
...
FTR, this one
On Thu, Apr 24, 2025 at 07:09:44PM -0400, Demi Marie Obenour wrote:
> On 4/24/25 3:09 AM, Albert Veli wrote:
> > On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso
> > wrote:
> >> FTR, this one has assigned CVE-2025-46394
> >> ...
> >> FTR, this one has CVE-2024-58251 assigned.
> >
> > From w
On 4/24/25 3:09 AM, Albert Veli wrote:
> Hi,
>
> On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso
> wrote:
>
>>
>> FTR, this one has assigned CVE-2025-46394
>> ...
>> FTR, this one has CVE-2024-58251 assigned.
>
> From what I can tell the latest release is busybox-1.37.0. Are these fixed
>
On Thursday, 24 April 2025 at 17:16 Albert Veli wrote:
> On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso
> wrote:
> > FTR, this one has assigned CVE-2025-46394
> From what I can tell the latest release is busybox-1.37.0. Are these fixed
> in this release? If not, do you have any link to p
On Wednesday 23 April 2025 at 17:04 Jakub Wilk wrote
> > CVE-2023-39810
> But it seems busybox committed a different patch, which looks good:
> https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641
> ("archival: disallow path traversals (CVE-2023-39810)")
>
> The essence of the patch is:
>
>
Hi,
On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso
wrote:
>
> FTR, this one has assigned CVE-2025-46394
> ...
> FTR, this one has CVE-2024-58251 assigned.
From what I can tell the latest release is busybox-1.37.0. Are these fixed
in this release? If not, do you have any link to patches
Hi,
On Wed, Apr 23, 2025 at 02:11:44PM +, Ian Norton wrote:
>
> https://bugs.busybox.net/show_bug.cgi?id=16018 (awaiting CVE)
>
> Busybox's cpio and tar tools will print un-escaped filenames when listing and
> unpacking
> cpio and tar files. Malicious files containing filenames with termin
Hi,
On Wed, Apr 23, 2025 at 05:38:17PM +0200, Ricardo Branco wrote:
> I reported this one in busybox's netstat a year ago:
>
> https://bugs.busybox.net/show_bug.cgi?id=15922
>
>
> The whole code needs a security audit for ANSI escapes like this.
FTR, this one has CVE-2024-58251 assigned.
Rega
* Ian Norton , 2025-04-23 14:11:
https://security-tracker.debian.org/tracker/CVE-2023-39810
This is: "An issue in the CPIO command of Busybox v1.33.2 allows
attackers to execute a directory traversal."
see also https://lists.busybox.net/pipermail/busybox/2024-July/090851.html
This patch a
I reported this one in busybox's netstat a year ago:
https://bugs.busybox.net/show_bug.cgi?id=15922
The whole code needs a security audit for ANSI escapes like this.
Best,
R
On 4/23/25 4:11 PM, Ian Norton wrote:
https://bugs.busybox.net/show_bug.cgi?id=16018 (awaiting CVE)
Busybox's cpi