Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

> This fixes CVE-2023-42363, CVE-2023-42364, CVE-2023-42365 and
> CVE-2023-42366.
>
> * gnu/packages/busybox.scm (busybox): Update to 1.37.0.
> ---
>  gnu/packages/busybox.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
> index f811a7175f..46398da213 100644
> --- a/gnu/packages/busybox.scm
> +++ b/gnu/packages/busybox.scm
> @@ -36,7 +36,7 @@ (define-module (gnu packages busybox)
>  (define-public busybox
>    (package
>      (name "busybox")
> -    (version "1.36.1")
> +    (version "1.37.0")
>      (source (origin
>                (method url-fetch)
>                (uri (string-append
> @@ -44,7 +44,7 @@ (define-public busybox
>                      version ".tar.bz2"))
>                (sha256
>                 (base32
> -                "0573gpj51phcz04sg77iznvcxmf5jnbk9gn3g5r9x02daz4j9k5q"))))
> +                "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))))
>      (build-system gnu-build-system)
>      (arguments
>       (list #:phases
push, close.