diff --git a/backport-CVE-2023-42363.patch b/backport-CVE-2023-42363.patch deleted file mode 100644 index 89e52ab2af5668b9b370cdfe402a9b61ab3bcf87..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-42363.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c8f999803ab38f97488091ea20d8d2e4967452d2 Mon Sep 17 00:00:00 2001 -From: liuxu -Date: Wed, 19 Jun 2024 11:44:32 +0800 -Subject: [PATCH 4/4] awk: fix use after free (CVE-2023-42363) - -backport from upstream: -https://git.alpinelinux.org/aports/plain/main/busybox/0001-awk-fix-use-after-free-CVE-2023-42363.patch - -Signed-off-by: liuxu ---- - editors/awk.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/editors/awk.c b/editors/awk.c -index 7a73f04..8f146fc 100644 ---- a/editors/awk.c -+++ b/editors/awk.c -@@ -2944,10 +2944,6 @@ static var *evaluate(node *op, var *res) - /* yes, remember where Fields[] is */ - old_Fields_ptr = Fields; - } -- if (opinfo & OF_STR1) { -- L.s = getvar_s(L.v); -- debug_printf_eval("L.s:'%s'\n", L.s); -- } - if (opinfo & OF_NUM1) { - L_d = getvar_i(L.v); - debug_printf_eval("L_d:%f\n", L_d); --- -2.43.0 - diff --git a/backport-CVE-2023-42364-CVE-2023-42365.patch b/backport-CVE-2023-42364-CVE-2023-42365.patch deleted file mode 100644 index d59d305a08738916837219ad1a4c50c7be15d560..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-42364-CVE-2023-42365.patch +++ /dev/null @@ -1,292 +0,0 @@ -From 6eabe2d43d464d34df1670192aef6c4966ab1a94 Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko -Date: Tue, 30 May 2023 16:42:18 +0200 -Subject: [PATCH 1/2] awk: fix precedence of = relative to == - -backport from upstream: -https://git.alpinelinux.org/aports/plain/main/busybox/CVE-2023-42364-CVE-2023-42365.patch - -Discovered while adding code to disallow assignments to non-lvalues - -function old new delta -parse_expr 936 991 +55 -.rodata 105243 105247 +4 ------------------------------------------------------------------------------- -(add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0) Total: 59 bytes - -Signed-off-by: Denys Vlasenko -(cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4) ---- - editors/awk.c | 66 ++++++++++++++++++++++++++++++--------------- - testsuite/awk.tests | 5 ++++ - 2 files changed, 50 insertions(+), 21 deletions(-) - -diff --git a/editors/awk.c b/editors/awk.c -index 728ee8685..3f4e0600d 100644 ---- a/editors/awk.c -+++ b/editors/awk.c -@@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n) - #undef P - #undef PRIMASK - #undef PRIMASK2 --#define P(x) (x << 24) -+/* Smaller 'x' means _higher_ operator precedence */ -+#define PRECEDENCE(x) (x << 24) -+#define P(x) PRECEDENCE(x) - #define PRIMASK 0x7F000000 - #define PRIMASK2 0x7E000000 - -@@ -360,7 +362,7 @@ enum { - OC_MOVE = 0x1f00, OC_PGETLINE = 0x2000, OC_REGEXP = 0x2100, - OC_REPLACE = 0x2200, OC_RETURN = 0x2300, OC_SPRINTF = 0x2400, - OC_TERNARY = 0x2500, OC_UNARY = 0x2600, OC_VAR = 0x2700, -- OC_DONE = 0x2800, -+ OC_CONST = 0x2800, OC_DONE = 0x2900, - - ST_IF = 0x3000, ST_DO = 0x3100, ST_FOR = 0x3200, - ST_WHILE = 0x3300 -@@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = { - #define TI_PREINC (OC_UNARY|xV|P(9)|'P') - #define TI_PREDEC (OC_UNARY|xV|P(9)|'M') - TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5), -- OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(74), OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-', -- OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&', -- OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&', -+ OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-', -+ OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&', -+ OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&', - OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*', - OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1, - #define TI_LESS (OC_COMPARE|VV|P(39)|2) -@@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected) - save_tclass = tc; - save_info = t_info; - tc = TC_BINOPX; -- t_info = OC_CONCAT | SS | P(35); -+ t_info = OC_CONCAT | SS | PRECEDENCE(35); - } - - t_tclass = tc; -@@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc) - { - node sn; - node *cn = &sn; -- node *vn, *glptr; -+ node *glptr; - uint32_t tc, expected_tc; -- var *v; - - debug_printf_parse("%s() term_tc(%x):", __func__, term_tc); - debug_parse_print_tc(term_tc); -@@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc) - expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc; - - while (!((tc = next_token(expected_tc)) & term_tc)) { -+ node *vn; - - if (glptr && (t_info == TI_LESS)) { - /* input redirection (<) attached to glptr node */ - debug_printf_parse("%s: input redir\n", __func__); -- cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37)); -+ cn = glptr->l.n = new_node(OC_CONCAT | SS | PRECEDENCE(37)); - cn->a.n = glptr; - expected_tc = TS_OPERAND | TS_UOPPRE; - glptr = NULL; -@@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc) - * previous operators with higher priority */ - vn = cn; - while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2)) -- || ((t_info == vn->info) && t_info == TI_COLON) -+ || (t_info == vn->info && t_info == TI_COLON) - ) { - vn = vn->a.n; - if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN); - } - if (t_info == TI_TERNARY) - //TODO: why? -- t_info += P(6); -+ t_info += PRECEDENCE(6); - cn = vn->a.n->r.n = new_node(t_info); - cn->a.n = vn->a.n; - if (tc & TS_BINOP) { - cn->l.n = vn; --//FIXME: this is the place to detect and reject assignments to non-lvalues. --//Currently we allow "assignments" to consts and temporaries, nonsense like this: --// awk 'BEGIN { "qwe" = 1 }' --// awk 'BEGIN { 7 *= 7 }' --// awk 'BEGIN { length("qwe") = 1 }' --// awk 'BEGIN { (1+1) += 3 }' -+ -+ /* Prevent: -+ * awk 'BEGIN { "qwe" = 1 }' -+ * awk 'BEGIN { 7 *= 7 }' -+ * awk 'BEGIN { length("qwe") = 1 }' -+ * awk 'BEGIN { (1+1) += 3 }' -+ */ -+ /* Assignment? (including *= and friends) */ -+ if (((t_info & OPCLSMASK) == OC_MOVE) -+ || ((t_info & OPCLSMASK) == OC_REPLACE) -+ ) { -+ debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info); -+ /* Left side is a (variable or array element) -+ * or function argument -+ * or $FIELD ? -+ */ -+ if ((vn->info & OPCLSMASK) != OC_VAR -+ && (vn->info & OPCLSMASK) != OC_FNARG -+ && (vn->info & OPCLSMASK) != OC_FIELD -+ ) { -+ syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */ -+ } -+ } -+ - expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP; - if (t_info == TI_PGETLINE) { - /* it's a pipe */ -@@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc) - /* one should be very careful with switch on tclass - - * only simple tclasses should be used (TC_xyz, not TS_xyz) */ - switch (tc) { -+ var *v; -+ - case TC_VARIABLE: - case TC_ARRAY: - debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__); -@@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc) - case TC_NUMBER: - case TC_STRING: - debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__); -- cn->info = OC_VAR; -+ cn->info = OC_CONST; - v = cn->l.v = xzalloc(sizeof(var)); -- if (tc & TC_NUMBER) -+ if (tc & TC_NUMBER) { - setvar_i(v, t_double); -- else { -+ } else { - setvar_s(v, t_string); -- expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */ - } -+ expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */ - break; - - case TC_REGEXP: -@@ -3088,6 +3110,8 @@ static var *evaluate(node *op, var *res) - - /* -- recursive node type -- */ - -+ case XC( OC_CONST ): -+ debug_printf_eval("CONST "); - case XC( OC_VAR ): - debug_printf_eval("VAR\n"); - L.v = op->l.v; -diff --git a/testsuite/awk.tests b/testsuite/awk.tests -index bbf0fbff1..a71ef3b26 100755 ---- a/testsuite/awk.tests -+++ b/testsuite/awk.tests -@@ -485,4 +485,9 @@ testing 'awk assign while test' \ - "" \ - "foo" - -+testing "awk = has higher precedence than == (despite what gawk manpage claims)" \ -+ "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \ -+ '0\n1\n2\n1\n3\n' \ -+ '' '' -+ - exit $FAILCOUNT --- -2.45.2 - - -From 947f3d2d2739afe248bf5343eaf9e35f3fd95dc2 Mon Sep 17 00:00:00 2001 -From: Natanael Copa -Date: Tue, 21 May 2024 14:46:08 +0200 -Subject: [PATCH 2/2] awk: fix ternary operator and precedence of = - -Adjust the = precedence test to match behavior of gawk, mawk and -FreeBSD. awk 'BEGIN {print v=3==3; print v}' should print two '1'. - -To fix this, and to unbreak the ternary conditional operator, we restore -the precedence of = in the token list, but override this with a lower -priority when the assignment is on the right side of a compare. - -This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) - -Signed-off-by: Natanael Copa -(cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95) ---- - editors/awk.c | 18 ++++++++++++++---- - testsuite/awk.tests | 9 +++++++-- - 2 files changed, 21 insertions(+), 6 deletions(-) - -diff --git a/editors/awk.c b/editors/awk.c -index 3f4e0600d..85e0f50cd 100644 ---- a/editors/awk.c -+++ b/editors/awk.c -@@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = { - #define TI_PREINC (OC_UNARY|xV|P(9)|'P') - #define TI_PREDEC (OC_UNARY|xV|P(9)|'M') - TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5), -- OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-', -- OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&', -- OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&', -+#define TI_ASSIGN (OC_MOVE|VV|P(74)) -+ OC_COMPARE|VV|P(39)|5, TI_ASSIGN, OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-', -+ OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&', -+ OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&', - OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*', - OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1, - #define TI_LESS (OC_COMPARE|VV|P(39)|2) -@@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc) - continue; - } - if (tc & (TS_BINOP | TC_UOPPOST)) { -+ int prio; - debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc); - /* for binary and postfix-unary operators, jump back over - * previous operators with higher priority */ - vn = cn; -- while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2)) -+ /* Let assignment get higher priority when used on right -+ * side in compare. i.e: 2==v=3 */ -+ if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) { -+ prio = PRECEDENCE(38); -+ } else { -+ prio = (t_info & PRIMASK); -+ } -+ while ((prio > (vn->a.n->info & PRIMASK2)) - || (t_info == vn->info && t_info == TI_COLON) - ) { - vn = vn->a.n; -@@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc) - if ((vn->info & OPCLSMASK) != OC_VAR - && (vn->info & OPCLSMASK) != OC_FNARG - && (vn->info & OPCLSMASK) != OC_FIELD -+ && (vn->info & OPCLSMASK) != OC_COMPARE - ) { - syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */ - } -diff --git a/testsuite/awk.tests b/testsuite/awk.tests -index a71ef3b26..c2f57605b 100755 ---- a/testsuite/awk.tests -+++ b/testsuite/awk.tests -@@ -485,9 +485,14 @@ testing 'awk assign while test' \ - "" \ - "foo" - --testing "awk = has higher precedence than == (despite what gawk manpage claims)" \ -+testing "awk = has higher precedence than == on right side" \ - "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \ -- '0\n1\n2\n1\n3\n' \ -+ '0\n1\n2\n1\n1\n' \ -+ '' '' -+ -+testing 'awk ternary precedence' \ -+ "awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \ -+ 'no\n' \ - '' '' - - exit $FAILCOUNT --- -2.45.2 - diff --git a/backport-CVE-2023-42366.patch b/backport-CVE-2023-42366.patch deleted file mode 100644 index 03f1d7265e4e95cb663bdb1e67ec31039c1a679b..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-42366.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 5cf8b332429a1dd9afef3337bae92aeddaeff993 Mon Sep 17 00:00:00 2001 -From: Valery Ushakov -Date: Wed, 24 Jan 2024 22:24:41 +0300 -Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874) - -backport from upstream: -https://git.alpinelinux.org/aports/plain/main/busybox/0037-awk.c-fix-CVE-2023-42366-bug-15874.patch - -Make sure we don't read past the end of the string in next_token() -when backslash is the last character in an (invalid) regexp. - -https://bugs.busybox.net/show_bug.cgi?id=15874 ---- - editors/awk.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/editors/awk.c b/editors/awk.c -index 728ee8685..be48df7c7 100644 ---- a/editors/awk.c -+++ b/editors/awk.c -@@ -1165,9 +1165,11 @@ static uint32_t next_token(uint32_t expected) - s[-1] = bb_process_escape_sequence((const char **)&pp); - if (*p == '\\') - *s++ = '\\'; -- if (pp == p) -+ if (pp == p) { -+ if (*p == '\0') -+ syntax_error(EMSG_UNEXP_EOS); - *s++ = *p++; -- else -+ } else - p = pp; - } - } --- -2.34.1 - diff --git a/backport-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch b/backport-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch deleted file mode 100644 index f83429a30285da16fef6023effa020b6ab23101d..0000000000000000000000000000000000000000 --- a/backport-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 09656b9beb583eee73b58f64e0e43c0df262c99c Mon Sep 17 00:00:00 2001 -From: liuxu -Date: Wed, 19 Jun 2024 11:32:49 +0800 -Subject: [PATCH 3/4] awk: fix use-after-realloc (CVE-2021-42380), closes 15601 - -backport from upstream: -https://git.alpinelinux.org/aports/plain/main/busybox/0029-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch - -Signed-off-by: liuxu ---- - editors/awk.c | 34 ++++++++++++++++++++++++++++------ - 1 file changed, 28 insertions(+), 6 deletions(-) - -diff --git a/editors/awk.c b/editors/awk.c -index e1d510c..7a73f04 100644 ---- a/editors/awk.c -+++ b/editors/awk.c -@@ -558,7 +558,7 @@ struct globals { - const char *g_progname; - int g_lineno; - int nfields; -- int maxfields; /* used in fsrealloc() only */ -+ unsigned maxfields; - var *Fields; - char *g_pos; - char g_saved_ch; -@@ -1965,9 +1965,9 @@ static void fsrealloc(int size) - { - int i, newsize; - -- if (size >= maxfields) { -- /* Sanity cap, easier than catering for overflows */ -- if (size > 0xffffff) -+ if ((unsigned)size >= maxfields) { -+ /* Sanity cap, easier than catering for over/underflows */ -+ if ((unsigned)size > 0xffffff) - bb_die_memory_exhausted(); - - i = maxfields; -@@ -2925,6 +2925,7 @@ static var *evaluate(node *op, var *res) - uint32_t opinfo; - int opn; - node *op1; -+ var *old_Fields_ptr; - - opinfo = op->info; - opn = (opinfo & OPNMASK); -@@ -2933,10 +2934,16 @@ static var *evaluate(node *op, var *res) - debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn); - - /* execute inevitable things */ -+ old_Fields_ptr = NULL; - if (opinfo & OF_RES1) { - if ((opinfo & OF_REQUIRED) && !op1) - syntax_error(EMSG_TOO_FEW_ARGS); - L.v = evaluate(op1, TMPVAR0); -+ /* Does L.v point to $n variable? */ -+ if ((size_t)(L.v - Fields) < maxfields) { -+ /* yes, remember where Fields[] is */ -+ old_Fields_ptr = Fields; -+ } - if (opinfo & OF_STR1) { - L.s = getvar_s(L.v); - debug_printf_eval("L.s:'%s'\n", L.s); -@@ -2955,14 +2962,29 @@ static var *evaluate(node *op, var *res) - */ - if (opinfo & OF_RES2) { - R.v = evaluate(op->r.n, TMPVAR1); -- //TODO: L.v may be invalid now, set L.v to NULL to catch bugs? -- //L.v = NULL; -+ /* Seen in $5=$$5=$0: -+ * Evaluation of R.v ($$5=$0 expression) -+ * made L.v ($5) invalid. It's detected here. -+ */ -+ if (old_Fields_ptr) { -+ //if (old_Fields_ptr != Fields) -+ // debug_printf_eval("L.v moved\n"); -+ L.v += Fields - old_Fields_ptr; -+ } - if (opinfo & OF_STR2) { - R.s = getvar_s(R.v); - debug_printf_eval("R.s:'%s'\n", R.s); - } - } - -+ /* Must get L.s after R.v is evaluated in case it realloc's L.v. -+ * eg: x = (v = "abc", gsub("b", "X", v)); -+ */ -+ if ((opinfo & OF_RES1) && (opinfo & OF_STR1)) { -+ L.s = getvar_s(L.v); -+ debug_printf_eval("L.s:'%s'\n", L.s); -+ } -+ - debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK)); - switch (XC(opinfo & OPCLSMASK)) { - --- -2.43.0 - diff --git a/busybox.spec b/busybox.spec index 0415cd7e46991992201c0c38aa7da8390326bae8..511f666e845a83ae93a814e1c0b029f53b9beb48 100644 --- a/busybox.spec +++ b/busybox.spec @@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 20 +%define RELEASE 21 %endif Epoch: 1 @@ -30,10 +30,6 @@ Patch6006: backport-CVE-2022-28391.patch Patch6007: backport-CVE-2022-30065.patch Patch6008: backport-fix-use-after-free-in-bc-module.patch Patch6009: backport-CVE-2022-48174.patch -Patch6010: backport-CVE-2023-42364-CVE-2023-42365.patch -Patch6011: backport-CVE-2023-42366.patch -Patch6012: backport-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch -Patch6013: backport-CVE-2023-42363.patch BuildRoot: %_topdir/BUILDROOT #Dependency @@ -109,6 +105,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Tue Jun 25 2024 liuxu - 1:1.31.1-21 +- Type:CVE +- Id:NA +- SUG:NA +- DESC:revert fix CVE-2023-42364 CVE-2023-42365 CVE-2023-42366 CVE-2023-42363 + * Wed Jun 19 2024 liuxu - 1:1.31.1-20 - Type:CVE - Id:NA