On 12/08/2014 04:45 PM, Orion Poplawski wrote: > On 12/08/2014 06:20 AM, Denys Vlasenko wrote: >> On 12/05/2014 05:43 PM, Orion Poplawski wrote: >>> Starting the non-reponsive maintainter process for vda - Denys Vlasenko - >>> dvlasenk@xxxxxxxxxx as he appears to have completely abandoned busybox. >>> Anyone know him or how to contact? >> >> Hi. I'm here. >> How can I help you? > > Are you still interested in maintaining busybox? There are a number of > outstanding issues: > > https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&component=busybox&list_id=3072742&product=Fedora&query_format=advanced > > including a CVE and new versions being available. Thank you for reminding me. I'll go through the bugs in the list. Quick look summary ================== 1024549 Bundled MD5: quite likely WONTFIX. Use of small internal implementations of hash function and the like is intended. 346651 Port busybox to use NSS library for cryptography: see above 919610 CVE-2013-1813 busybox: insecure directory permissions in /dev [fedora-all]: easy backport possible 732185 nfsroot scripts use the wrong mount: I don't understand bug description there. reporter did not respond to requests for clarification. Likely will be CLOSED/INSUFFICIENT_DATA 731347 CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options [fedora-all]: Easy backport possible 815064 busybox-1.22.1 is available: Yes, need to switch to it 802017 busybox not built based on $RPM_OPT_FLAGS, no sources in -debuginfo: Not sure we can and want to do that... 1008254 [abrt] busybox-1.19.4-10.fc19: kill_main: Process /usr/sbin/busybox was killed by signal 11 (SIGSEGV): Did not look into this yet. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
