On 12/08/2014 01:39 PM, Denys Vlasenko wrote:
On 12/08/2014 04:45 PM, Orion Poplawski wrote:
> On 12/08/2014 06:20 AM, Denys Vlasenko wrote:
>> On 12/05/2014 05:43 PM, Orion Poplawski wrote:
>>> Starting the non-reponsive maintainter process for vda - Denys Vlasenko -
>>> dvlasenk(a)redhat.com as he appears to have completely abandoned busybox.
>>> Anyone know him or how to contact?
>>
>> Hi. I'm here.
>> How can I help you?
>
> Are you still interested in maintaining busybox? There are a number of
> outstanding issues:
>
>
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASS...
>
> including a CVE and new versions being available.
Thank you for reminding me. I'll go through the bugs in the list.
Quick look summary
==================
1024549 Bundled MD5: quite likely WONTFIX. Use of small internal
implementations of hash function and the like is intended.
346651 Port busybox to use NSS library for cryptography:
see above
919610 CVE-2013-1813 busybox: insecure directory permissions in /dev [fedora-all]:
easy backport possible
732185 nfsroot scripts use the wrong mount:
I don't understand bug description there. reporter did not respond
to requests for clarification. Likely will be CLOSED/INSUFFICIENT_DATA
731347 CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options [fedora-all]:
Easy backport possible
815064 busybox-1.22.1 is available:
Yes, need to switch to it
802017 busybox not built based on $RPM_OPT_FLAGS, no sources in -debuginfo:
Not sure we can and want to do that...
1008254 [abrt] busybox-1.19.4-10.fc19: kill_main: Process /usr/sbin/busybox was killed by
signal 11 (SIGSEGV):
Did not look into this yet.
Thanks for tackling these!
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301
http://www.cora.nwra.com