ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-31 16:35:44 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
openwrt/package/utils/busybox/patches
History
John Crispin 7c0a2bc930 busybox: backport cve-2017-16544 fix 
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.

Fixes: FS#1181 - CVE-2017-16544:

Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
..
001-resource_h_include.patch
busybox: update to version 1.25.0
2016-09-20 22:37:02 +02:00
100-trylink_bash.patch
busybox: update to 1.22.1
2014-05-25 17:42:09 +00:00
101-gen_build_files_bash.patch
busybox: update to 1.22.1
2014-05-25 17:42:09 +00:00
110-no_static_libgcc.patch
busybox: update to 1.22.1
2014-05-25 17:42:09 +00:00
130-mconf_missing_sigwinch.patch
busybox: update to 1.22.1
2014-05-25 17:42:09 +00:00
200-udhcpc_reduce_msgs.patch
busybox: update to 1.27.2
2017-08-30 22:34:41 +02:00
201-udhcpc_changed_ifindex.patch
busybox: update to 1.27.2
2017-08-30 22:34:41 +02:00
203-udhcpc_renew_no_deconfig.patch
busybox: update to 1.27.2
2017-08-30 22:34:41 +02:00
210-add_netmsg_util.patch
busybox: convert netmsg and lock applet to "new style" applet definition
2017-01-29 14:09:36 +01:00
220-add_lock_util.patch
busybox: convert netmsg and lock applet to "new style" applet definition
2017-01-29 14:09:36 +01:00
230-add_nslookup_lede.patch
merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch
2017-12-08 19:41:18 +01:00
240-telnetd_intr.patch
busybox: update to 1.26.2
2017-01-29 14:09:38 +01:00
250-date-k-flag.patch
busybox: update to 1.26.2
2017-01-29 14:09:38 +01:00
270-libbb_make_unicode_printable.patch
busybox: update to version 1.24.1
2015-10-30 15:18:17 +00:00
301-ip-link-fix-netlink-msg-size.patch
busybox: update to 1.27.2
2017-08-30 22:34:41 +02:00
500-move-traceroute-applets-to-bin.patch
busybox: move traceroute applets to /bin
2017-08-30 18:12:48 +02:00
510-move-passwd-applet-to-bin.patch
busybox: move passwd applet to /bin
2017-08-30 18:12:48 +02:00
600-cve-2017-16544.patch
busybox: backport cve-2017-16544 fix
2018-01-02 07:14:08 +01:00