Format: 1.8 Date: Wed, 24 Nov 2021 14:01:36 -0500 Source: busybox Built-For-Profiles: noudeb Architecture: source Version: 1:1.30.1-6ubuntu3.1 Distribution: impish-security Urgency: medium Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Changes: busybox (1:1.30.1-6ubuntu3.1) impish-security; urgency=medium . * SECURITY UPDATE: invalid free or segfault via gzip data - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in archival/libarchive/decompress_gunzip.c. - CVE-2021-28831 * SECURITY UPDATE: OOB read in unlzma - debian/patches/CVE-2021-42374.patch: fix a case where we could read before beginning of buffer in archival/libarchive/decompress_unlzma.c, testsuite/unlzma.tests. - CVE-2021-42374 * SECURITY UPDATE: multiple security issues in awk - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from busybox 1.34.1. - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 Checksums-Sha1: fbb915302597c2922d8ecf5e5dfcb53fd3386110 2423 busybox_1.30.1-6ubuntu3.1.dsc 0e25f6372f6887d55de2c33e6b6be6fccb440940 68408 busybox_1.30.1-6ubuntu3.1.debian.tar.xz 8c185a62d132296ef1f9463c92e548df9d82db22 6383 busybox_1.30.1-6ubuntu3.1_source.buildinfo Checksums-Sha256: ba571ca3bd8d5e156bad7f0b8a334ab566e1f5b5403ba2d6d66255ae33ec8611 2423 busybox_1.30.1-6ubuntu3.1.dsc c7af5a1abd51ecd23c7d79e1eba2ec6768789197cd233f28d7279d4bfbcb3873 68408 busybox_1.30.1-6ubuntu3.1.debian.tar.xz 140b7c065db2a31e84a2b0eeaec626f9dd68ae2c484e1796f3bf34fa31e5e321 6383 busybox_1.30.1-6ubuntu3.1_source.buildinfo Files: 6ffd559082aba594384c3e20c14beb2f 2423 utils optional busybox_1.30.1-6ubuntu3.1.dsc a393d509d37210bbf572145a19c3d95e 68408 utils optional busybox_1.30.1-6ubuntu3.1.debian.tar.xz b5841abb7a10c948c514356e3abcf4c8 6383 utils optional busybox_1.30.1-6ubuntu3.1_source.buildinfo Original-Maintainer: Debian Install System Team