This was released today: https://ubuntu.com/security/notices/USN-5179-1
** Changed in: busybox (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1953337
Title:
Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378)
Status in busybox package in Ubuntu:
Fix Released
Bug description:
Dear community,
Qualys reports a finding on our Ubuntu 18.04 and Ubuntu 20.04 instances
because of CVE-2021-42378.
I can see that there is already a fix for Ubuntu 22.04. When will the fix be
released for the LTS versions 18.04 and 20.04?
I can see the finding is monitored at
https://ubuntu.com/security/CVE-2021-42378, but the CVSS3 scoring is
7.2, so I think the rating "high" would be better. Or is there any
reason why "low" is ok?
Thanks in advance.
Best regards.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1953337/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
