Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <47b612ea-0e3f-4b53-a711-8d089538fb65@gmail.com>
Date: Thu, 24 Apr 2025 19:09:44 -0400
From: Demi Marie Obenour <demiobenour@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: vulnerabilities in busybox tar and cpio tools

On 4/24/25 3:09 AM, Albert Veli wrote:
> Hi,
> 
> On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso <carnil@...ian.org>
> wrote:
> 
>>
>> FTR, this one has assigned CVE-2025-46394
>> ...
>> FTR, this one has CVE-2024-58251 assigned.
> 
> From what I can tell the latest release is busybox-1.37.0. Are these fixed
> in this release? If not, do you have any link to patches I can apply to fix
> these issues?
> 
> Regards,
> Albert

This message was marked as spam by GMail.  The ARC-Authentication-Results
header indicates that the mailing list is not configured in a DMARC-compatible
way.  Specifically, the mailing list did not rewrite the From: header but did
modify the message body, so the DKIM signature check failed.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Download attachment "OpenPGP_0xB288B55FFF9C22C1.asc" of type "application/pgp-keys" (7141 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.