mirror of
git://git.openwrt.org/openwrt/openwrt.git
synced 2025-12-08 13:42:10 -05:00
7c0a2bc930
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. Fixes: FS#1181 - CVE-2017-16544: Backport the patch from: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 https://nvd.nist.gov/vuln/detail/CVE-2017-16544 Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com> Signed-off-by: John Crispin <john@phrozen.org> |
||
|---|---|---|
| .. | ||
| 001-resource_h_include.patch | ||
| 100-trylink_bash.patch | ||
| 101-gen_build_files_bash.patch | ||
| 110-no_static_libgcc.patch | ||
| 130-mconf_missing_sigwinch.patch | ||
| 200-udhcpc_reduce_msgs.patch | ||
| 201-udhcpc_changed_ifindex.patch | ||
| 203-udhcpc_renew_no_deconfig.patch | ||
| 210-add_netmsg_util.patch | ||
| 220-add_lock_util.patch | ||
| 230-add_nslookup_lede.patch | ||
| 240-telnetd_intr.patch | ||
| 250-date-k-flag.patch | ||
| 270-libbb_make_unicode_printable.patch | ||
| 301-ip-link-fix-netlink-msg-size.patch | ||
| 500-move-traceroute-applets-to-bin.patch | ||
| 510-move-passwd-applet-to-bin.patch | ||
| 600-cve-2017-16544.patch | ||