Prepare stable update of busybox
Hello @tobi,
Some busybox CVEs have been fixed in bullseye (and older) but remain non-fixed in bookworm. Those CVEs have been marked by the security team as no-dsa, so they have no immediate plans to deal with them. Could you please coordinate with the maintainer and SRM to have an updated package included in the next point release? Additionally, please keep the security team informed concerning this matter by mailing team@security.debian.org with a brief summary once a course of action has been agreed upon between yourself, the maintainer, and SRM (as applicable).
- Package: busybox
- DLA: [DLA 4019-1] https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html
- Version in DLA: busybox/bullseye 1:1.30.1-6+deb11u1
- CVE(s):
- Fixed in: bullseye
- Still present in: bookworm
TIA!