CVE-2021-28831
Mousaw, Tim
tmousaw at ptc.com
Wed Apr 28 15:15:05 UTC 2021
Thanks again for the quick reply. I don't know why I assumed the maintainers of BusyBox would also maintain the docker images published. I filed https://github.com/docker-library/busybox/issues/101 for the BusyBox docker image. Not sure if this will require a new release to be published in order to create the docker image.
-----Original Message-----
From: Peter Korsgaard <jacmet at gmail.com> On Behalf Of Peter Korsgaard
Sent: Wednesday, April 28, 2021 10:41 AM
To: Mousaw, Tim <tmousaw at ptc.com>
Cc: Christophe Leroy <christophe.leroy at csgroup.eu>; busybox at busybox.net
Subject: Re: CVE-2021-28831
External email from: jacmet at gmail.com
>>>>> "Mousaw," == Mousaw, Tim <tmousaw at ptc.com> writes:
> Thanks for the quick replies.
> So, once this was merged, did the 1.32.1 image tag of the BusyBox > docker image get rebuilt with it? From what I can tell, this is the > image tag that gets pulled when the "latest" tag is used.
Sorry, I have no idea who owns/builds that docker image, but given that this was added after 1.32.1 was tagged, I would NOT expect it to be included in a 1.32.1 build:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.buildroot.org%2Fbusybox%2Flog%2F%3Fh%3D1_32_stable&data=04%7C01%7Ctmousaw%40ptc.com%7Cc2a60ca920074470082f08d90a53b626%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C637552176929051043%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FSUYh4PrpHEwurAHFiVzSrZYN1lzyEzb711Sa4gXz8A%3D&reserved=0
--
Bye, Peter Korsgaard
More information about the busybox
mailing list