This bug was fixed in the package busybox - 1:1.27.2-2ubuntu3.1
---
busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium
* Fix symlink handling (LP: #1753572)
- debian/patches/CVE-2011-5325-2.patch: re-enable patch.
- debian/patches/CVE-2011-5325-3.patch:postpone creation
Thanks!
** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
Yes, 1.27.2-2ubuntu3.1 looks to fix the issue with 1.27.2-2ubuntu3!
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores
Hi Bryan,
Could you please test the package that is now in bionic-proposed, and
post your results here?
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Hello Bryan, or anyone else affected,
Accepted busybox into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-2ubuntu3.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
I have the image, how can I get it to you privately to test? (Or
alternatively, I can test it with the new version if you have a link?)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
Creating image now.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores "unsafe links"
Status in busybox package in Ubuntu:
Fix
Yeah apologies, I have to allocate another U18 host and build one. Will
aim for tomorrow.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox
Bryan - is there any chance we could get that image?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores "unsafe links"
Status in
I was using it to build a U18 debirf image when I saw this issue. I can
generate one in a bit for you.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio
I just uploaded this for bionic to be processed by the SRU team.
Bryan, do you have an example archive that can be used to test this?
Thanks!
** Changed in: busybox (Ubuntu Bionic)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: debirf (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
This bug was fixed in the package busybox - 1:1.27.2-2ubuntu4
---
busybox (1:1.27.2-2ubuntu4) cosmic; urgency=medium
* Fix symlink handling (LP: #1753572)
- debian/patches/CVE-2011-5325-2.patch: re-enable patch.
- debian/patches/CVE-2011-5325-3.patch:postpone creation of
This does look good now, thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores "unsafe links"
Status in busybox package in
Hello?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores "unsafe links"
Status in busybox package in Ubuntu:
Confirmed
Status
Hi! I've prepared a busybox update and uploaded it to my PPA here:
https://launchpad.net/~mdeslaur/+archive/ubuntu/testing
Could you please see if it resolves your issue? If so, I'll upload it to
cosmic and SRU it to bionic.
Thanks!
** Also affects: busybox (Ubuntu Bionic)
Importance:
The EXTRACT_UNSAFE_SYMLINKS variable was backed out in busybox 1.28.2 by
the following commit:
https://git.busybox.net/busybox/commit/?h=1_28_stable=37277a23fe48b13313f5d96084d890ed21d5fd8b
Two new commits were added to later 1.28 releases to fix more symlink
issues:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: debirf (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: debirf (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
** Project changed: busybox => debirf (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores "unsafe links"
Status in
** Also affects: busybox
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores "unsafe
Proposed solution: back port the env var patch or upgrade to 1.28.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572
Title:
cpio in Busybox 1.27 ingnores "unsafe
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: busybox (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
23 matches
Mail list logo
