[3.19] main/busybox: backport patch for CVE-2023-42366 (!66011) · Merge requests · alpine / aports

I am still unsure if we want to backport this because:

The CVE is bogus in the sense that this is not a security problem unless you are executing attacker-controlled awk code.
The fix is not upstream, this is just a patch taken from the BusyBox bug tracker.

Furthermore, if we want to backport this we also need to backport it for additional -stable branches.

Edited May 16, 2024 by Sören Tempel

[3.19] main/busybox: backport patch for CVE-2023-42366