Format: 1.8
Date: Wed, 27 Mar 2019 12:49:34 -0400
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: armhf
Version: 1:1.21.0-1ubuntu1.4
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 busybox - Tiny utilities for small and embedded systems
 busybox-initramfs - Standalone shell setup for initramfs
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc - Provides the busybox DHCP client implementation
 udhcpd - Provides the busybox DHCP server implementation
Changes:
 busybox (1:1.21.0-1ubuntu1.4) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: directory traversal via tar symlink extraction
     - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks
       with "suspicious" targets in archival/libarchive/data_extract_all.c,
       archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h,
       testsuite/tar.tests.
     - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
       unless env variable is set in archival/libarchive/Kbuild.src,
       archival/libarchive/data_extract_all.c,
       archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
       include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests.
     - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
       with "suspicious" targets in archival/libarchive/data_extract_all.c,
       archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
       include/bb_archive.h, testsuite/tar.tests.
     - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks the
       same way tar/unzip does in archival/cpio.c.
     - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
       archival/libarchive/get_header_ar.c.
     - CVE-2011-5325
   * SECURITY UPDATE: kernel module loading restrictions bypass
     - debian/patches/CVE-2014-9645.patch: reject module names with slashes
       in modutils/modprobe.c.
     - CVE-2014-9645
   * SECURITY UPDATE: integer overflow in the DHCP client
     - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed
       RFC1035-encoded domain name in networking/udhcp/domain_codec.c.
     - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in
       networking/udhcp/domain_codec.c.
     - CVE-2016-2147
   * SECURITY UPDATE: heap-based buffer overflow in the DHCP client
     - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in
       networking/udhcp/common.c, networking/udhcp/dhcpc.c.
     - CVE-2016-2148
   * SECURITY UPDATE: integer overflow in get_next_block
     - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
       archival/libarchive/decompress_bunzip2.c.
     - CVE-2017-15873
   * SECURITY UPDATE: code execution in tab autocomplete feature
     - debian/patches/CVE-2017-16544.patch: check for control characters in
       libbb/lineedit.c.
     - CVE-2017-16544
   * SECURITY UPDATE: DoS in unzip operations
     - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in
       archival/libarchive/decompress_gunzip.c, added test in
       testsuite/unzip.tests.
     - debian/patches/CVE-2015-9261-2.patch: further fix decompression code
       in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests.
     - CVE-2015-9261
   * SECURITY UPDATE: buffer overflow in wget
     - debian/patches/CVE-2018-1000517.patch: check chunk length in
       networking/wget.c.
     - CVE-2018-1000517
   * SECURITY UPDATE: out-of-bounds read in udhcp
     - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
       indeed 4-byte in networking/udhcp/common.*,
       networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
     - CVE-2018-20679
   * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
     - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
       it is 4 bytes long in networking/udhcp/common.*,
       networking/udhcp/dhcpc.c.
     - CVE-2019-5747
Original-Maintainer: Debian Install System Team