diff options
| author | Christine Dodrill <me@christine.website> | 2017-11-22 06:19:54 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-11-22 12:46:33 +0000 |
| commit | ac414d2b6399469baedb0a1f6cd3ca93f0aabf59 (patch) | |
| tree | 25634c4a9290542f65bce748eecf1effb1ee1220 /main/busybox/APKBUILD | |
| parent | c4e6c5cec25c025e87371ec316e5f18e417c7660 (diff) | |
| download | aports-ac414d2b6399469baedb0a1f6cd3ca93f0aabf59.tar.bz2 aports-ac414d2b6399469baedb0a1f6cd3ca93f0aabf59.tar.xz | |
I have created an automated tool at https://github.com/Xe/cve-2017-16544 that
will test busybox's ash implementation for CVE-2017-16544.
[1]: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
CVE-2017-15873 and CVE-2017-15874 are fixed by their upstream patches.
fixes #8187
Diffstat (limited to 'main/busybox/APKBUILD')
| -rw-r--r-- | main/busybox/APKBUILD | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD index 94ceef6099..2388575e33 100644 --- a/main/busybox/APKBUILD +++ b/main/busybox/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=busybox pkgver=1.27.2 -pkgrel=3 +pkgrel=4 pkgdesc="Size optimized toolbox of many common UNIX utilities" url=http://busybox.net arch="all" @@ -33,6 +33,10 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 0010-udhcpc-Don-t-background-if-n-is-given.patch 0011-testsuite-fix-cpio-tests.patch 0012-microcom-segfault.patch + + 0013-CVE-2017-16544.patch + 0014-CVE-2017-15873.patch + 0015-CVE-2017-15874.patch top-buffer-overflow.patch @@ -185,6 +189,9 @@ d1c375184f806f7550bac5c82ab5471bdb8085d845172c973724b22af05ab3759b3ce982e088b4c4 9b5143d0be615b1604d82007628d59a62721f1e61a63cca7a4ffa5e60fa8da102bfc21fa20cc35c2f5a0a24bc8013598f8eff5888f9d0f3bcfa796343b5f5a91 0010-udhcpc-Don-t-background-if-n-is-given.patch f4e00eb13fda752df13f300a7ed9b1320ca9f573c4309247f292c8710464d7be8740148f42e4aff16312335eadabce5a629dce4af58334b9199faf2fd658e4f9 0011-testsuite-fix-cpio-tests.patch a09a64b3bce8048c58a68dcd2dd9e63c911009c06195d6bb4e5aecfb5700e479c25b34635c60899127975fae32275ad51846ee75f840d612e00668ce9aba8322 0012-microcom-segfault.patch +74620e589e863f63ad3fed1e37405e385648789d59e8914074f94b2d279728ad54cd497073ff7afe2aac1bca81150fa1b396034206358599281f15fb2dd079d5 0013-CVE-2017-16544.patch +8a9f314c7d08d349957549c59d306d1b608f147e27719a290d421cce288c11adb8593034a6d722688ae3c5dc60a5180f7aa948213987cd5b188340558607cbcb 0014-CVE-2017-15873.patch +93b3188fe3397899a625c203bcc03ddedadb96cceeb38ecad3ad3395d75fdfa7e1ba7cfc34eb8ebc7c70165ae967da474735247bf114398bea00440e90b1bef7 0015-CVE-2017-15874.patch 524e858b52cb31fb8d24e8c7f18606fff349aeab6a14da9cca3902641f6127980daed73c53586c6e8b41eecda06cdb29c40ff1dde2dc82a318c2649680458921 top-buffer-overflow.patch a9b1403c844c51934637215307dd9e2adb9458921047acff0d86dcf229b6e0027f4b2c6cdaa25a58407aad9d098fb5685d58eb5ff8d2aa3de4912cdea21fe54c acpid.logrotate 02102f0764ffbec86e97ccab99b3a1e55ffa5b25aa2cdc1fe270d5b575610bdb50568574c7cbd05aba91b13151f84f536b44320c180051cbd77cf258e4fc89a4 busyboxconfig |