From 13397b2b95b4800fb0a29c3d483fa280d10f0eb0 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 2 May 2021 17:42:19 +0200
Subject: busybox: backport fix for CVE-2021-28831

This backports a fix for the low priority CVE-2021-28831:
  decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
  on the huft_build result pointer, with a resultant invalid free or
  segmentation fault, via malformed gzip data.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 package/utils/busybox/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'package/utils/busybox/Makefile')

diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 9df358ef78..58bc1e6795 100644
--- a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
 PKG_VERSION:=1.33.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-- 
cgit v1.2.3