Bug 14057

Summary: [CVE21] busybox 1.35.0 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Vladimir Potapov <v.potapov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker    
Priority: Highest CC: a.proklov, e.kosachev, pastordidi, s.matveev
Version: AllFlags: v.potapov: qa_verified+
e.kosachev: secteam_verified+
a.proklov: published+
Target Milestone: 2021.1 Fresh R12   
Hardware: All   
OS: Linux   
URL: CVE-2022-30065,CVE-2022-28391
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Comment 1 Svyatoslav Matveev 2023-11-29 18:05:22 MSK 
********** QA ADVISORY **********

Закрыто обновлением.

*** busybox
**  1.35.0 .. 1.36.1 (merge rosa2023.1)

https://abf.io/build_lists/4841466
https://abf.io/build_lists/4841467
https://abf.io/build_lists/4841468
https://abf.io/build_lists/4841470
Comment 2 Svyatoslav Matveev 2023-11-29 18:13:42 MSK 

*** e2k
https://abf.io/build_lists/4841469
Comment 3 Dmitry Postnikov 2023-11-30 11:52:19 MSK 
*****************************
Обновление отослано в Тестинг
Comment 4 Vladimir Potapov 2023-12-01 17:02:31 MSK 
https://security-tracker.debian.org/tracker/CVE-2022-30065 
1.36.1 fixed
Comment 5 Vladimir Potapov 2023-12-04 18:23:34 MSK 
busybox-1.36.1-3
https://abf.io/build_lists/4841466
https://abf.io/build_lists/4841467
https://abf.io/build_lists/4841468
https://abf.io/build_lists/4841470
https://abf.io/build_lists/4841469
*************************** Advisory *************************
CVEs closed by version update
***************************************************************
QA Verified
Comment 6 Eduard 2024-05-28 11:30:15 MSK 
*******************************************************
Secteam_verified
*******************************************************
https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2426
*******************************************************