cb419c8b3c
The patches have been used by Alpine for 5 months now and they were
posted on the Busybox mailing list mid-July with no review or comment.
According to Ariadne Conill[1] - though NVD CVSS 3.x Base Score seems to
disagree - this has a low security impact so we could probably just wait
for upstream to merge the patches or implement it the way they want.
Considering those patches have been public for 5 months and upstream
hasn't acted until now, let's take the patches from the mailing list
anyway as there's no indication the CVEs will be fixed upstream soon.
[1] https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 0001-networking-libiproute-use-linux-if_packet.h-instead-.patch | ||
| 0002-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch | ||
| 0003-awk-fix-use-after-free-CVE-2022-30065.patch | ||
| 0004-libbb-sockaddr2str-ensure-only-printable-characters-.patch | ||
| 0005-nslookup-sanitize-all-printed-strings-with-printable.patch | ||
| Config.in | ||
| S01syslogd | ||
| S02klogd | ||
| S02sysctl | ||
| S10mdev | ||
| S15watchdog | ||
| S50telnet | ||
| busybox-minimal.config | ||
| busybox.config | ||
| busybox.hash | ||
| busybox.mk | ||
| inittab | ||
| mdev.conf | ||
| telnetd.service | ||
| udhcpc.script | ||