Format: 1.8
Date: Wed, 06 Mar 2019 15:11:15 -0500
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-2ubuntu4.1
Distribution: cosmic-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 busybox    - Tiny utilities for small and embedded systems
 busybox-initramfs - Standalone shell setup for initramfs
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Changes:
 busybox (1:1.27.2-2ubuntu4.1) cosmic-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow in wget
     - debian/patches/CVE-2018-1000517.patch: check chunk length in
       networking/wget.c.
     - CVE-2018-1000517
   * SECURITY UPDATE: out-of-bounds read in udhcp
     - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
       indeed 4-byte in networking/udhcp/common.*,
       networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
     - CVE-2018-20679
   * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
     - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
       it is 4 bytes long in networking/udhcp/common.*,
       networking/udhcp/dhcpc.c.
     - CVE-2019-5747
Checksums-Sha1:
 8f632376a4598fbc611cbeb2f3557ccb702a3141 2417 busybox_1.27.2-2ubuntu4.1.dsc
 d310f4a51d4362eeddf786b3dfd745a3a65675ad 67568 busybox_1.27.2-2ubuntu4.1.debian.tar.xz
 b73c7810f58216735a1967a1de0d7d8d25a90239 5835 busybox_1.27.2-2ubuntu4.1_source.buildinfo
Checksums-Sha256:
 4f33f5909e0c471b48373458172834a57d625c870a7957633f7970ca84be80cd 2417 busybox_1.27.2-2ubuntu4.1.dsc
 6758b4dfe970d1a5e031d088dc3179b887adfecb43c1493d461fce18ce0b5f27 67568 busybox_1.27.2-2ubuntu4.1.debian.tar.xz
 3e3c990d1f7470f482375bdd798ff1277d9ce0d13908e3c2ed188353f9b7ba7a 5835 busybox_1.27.2-2ubuntu4.1_source.buildinfo
Files:
 27d771e0b1f5b13f3d6bbccf8957a153 2417 utils optional busybox_1.27.2-2ubuntu4.1.dsc
 8b6a3c5ce77438722470b02a553c8ea0 67568 utils optional busybox_1.27.2-2ubuntu4.1.debian.tar.xz
 9e3486e15dcde3e55e817e2f0f0be5c1 5835 utils optional busybox_1.27.2-2ubuntu4.1_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot@lists.debian.org>