openwrtv3/package
John Crispin 7c0a2bc930 busybox: backport cve-2017-16544 fix
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.

Fixes: FS#1181 - CVE-2017-16544:

Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
..
base-files base-files: rc.common: fix enable() return code and logic 2018-01-02 07:14:08 +01:00
boot layerscape: fix package download 2017-12-21 10:02:16 +01:00
devel strace: Update to 4.20 2017-12-07 11:46:37 +08:00
firmware layerscape: add byte_swap.py script for ls-rcw package 2017-12-26 23:30:59 +01:00
kernel mwlwifi: update to version 10.3.4.0 / 2017-12-14 2017-12-31 18:46:13 +01:00
libs nghttp2: bump to 1.29.0 2017-12-24 17:06:16 +01:00
network nftables: fix sha256sum 2017-12-31 18:46:13 +01:00
system procd: update to latest git HEAD 2018-01-02 07:14:08 +01:00
utils busybox: backport cve-2017-16544 fix 2018-01-02 07:14:08 +01:00
Makefile build: cleanup tmp/ dir of target rootfs 2017-05-02 22:10:50 +08:00