-
Notifications
You must be signed in to change notification settings - Fork 616
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE found in Busybox 1.34.1 and 1.35.0 #61
Comments
Bumping this. Would like to know if this is on the roadmap. We currently use alpine as our gold image of source which has dependency on busybox 1.35.0 and we have 2 critical CVEs due to this version. Will likely have to abandon alpine and refactor a lot of our apps unless this will be remediated |
Is the busybox project dead? Why no updates for almost 2 years? |
On Mon, 2 Jan 2023 at 10:53, Farukh Khan ***@***.***> wrote:
Is the busybox project dead? Why no updates for almost 2 years?
The last commit is 11 days old
https://git.busybox.net/busybox/commit/?id=c4d296aa7c71d3dd812497c02c976124b66a0ff9
Best regards, R-
|
Yeah it's dead |
A new version was released a few days ago. How did you come to the conclusion that it was dead? |
Is the issue resolved in busybox 1.35.0 ? I don’t see info on this CVE in the changelog. |
It should be fixed in version 1.36.0. |
This is just a mirror repository. Developers may not pay attention to the issue here. |
Both Busybox 1.34.1 and 1.35.0 are affected by Critical CVE https://nvd.nist.gov/vuln/detail/cve-2022-28391
Can you please provide any update on when is this going to be fixed with the expected version number.
Thank you
The text was updated successfully, but these errors were encountered: