mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 14:13:16 +00:00
7c0a2bc930
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. Fixes: FS#1181 - CVE-2017-16544: Backport the patch from: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 https://nvd.nist.gov/vuln/detail/CVE-2017-16544 Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com> Signed-off-by: John Crispin <john@phrozen.org> |
||
---|---|---|
.. | ||
001-resource_h_include.patch | ||
100-trylink_bash.patch | ||
101-gen_build_files_bash.patch | ||
110-no_static_libgcc.patch | ||
130-mconf_missing_sigwinch.patch | ||
200-udhcpc_reduce_msgs.patch | ||
201-udhcpc_changed_ifindex.patch | ||
203-udhcpc_renew_no_deconfig.patch | ||
210-add_netmsg_util.patch | ||
220-add_lock_util.patch | ||
230-add_nslookup_lede.patch | ||
240-telnetd_intr.patch | ||
250-date-k-flag.patch | ||
270-libbb_make_unicode_printable.patch | ||
301-ip-link-fix-netlink-msg-size.patch | ||
500-move-traceroute-applets-to-bin.patch | ||
510-move-passwd-applet-to-bin.patch | ||
600-cve-2017-16544.patch |