[Git][security-tracker-team/security-tracker][master] CVE-2021-42377/busybox not affecting buster and bullseye

Tobias Frost (@tobi) tobi at debian.org
Wed Dec 25 09:29:02 GMT 2024 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2108734b by Tobias Frost at 2024-12-25T10:28:53+01:00
CVE-2021-42377/busybox not affecting buster and bullseye

$grep "CONFIG_HUSH " busybox-1.30.1-bu*/debian/config/pkg/*
busybox-1.30.1-bullseye/debian/config/pkg/deb:# CONFIG_HUSH is not set
busybox-1.30.1-bullseye/debian/config/pkg/static:# CONFIG_HUSH is not set
busybox-1.30.1-bullseye/debian/config/pkg/udeb:# CONFIG_HUSH is not set
busybox-1.30.1-buster/debian/config/pkg/deb:# CONFIG_HUSH is not set
busybox-1.30.1-buster/debian/config/pkg/static:# CONFIG_HUSH is not set
busybox-1.30.1-buster/debian/config/pkg/udeb:# CONFIG_HUSH is not set

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -257367,8 +257367,8 @@ CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of serv
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to  ...)
 	- busybox 1:1.35.0-1 (bug #999567)
-	[bullseye] - busybox <no-dsa> (Minor issue)
-	[buster] - busybox <no-dsa> (Minor issue)
+	[bullseye] - busybox <not-affected> (CONFIG_HUSH is not set)
+	[buster] - busybox <not-affected> (CONFIG_HUSH is not set)
 	[stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2108734bfff61c531ca4fbf1a1cf9642ef4a1563

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2108734bfff61c531ca4fbf1a1cf9642ef4a1563
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241225/c5f57d27/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list