> Whilst this is true, it looks like OpenWRT fixed the hash truncation but not t... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

cesarb 18 days ago | parent | context | favorite | on: Compromising OpenWrt Supply Chain

> Whilst this is true, it looks like OpenWRT fixed the hash truncation but not the command injection.

They did fix both AFAIK, the command injection fix is https://github.com/openwrt/asu/commit/deadda8097d49500260b17... (source: https://openwrt.org/advisory/2024-12-06).

orra 18 days ago [–]

Thanks for the correction and sorry for the mistake. I skimmed the changes but apparently not very well.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact