Date: Thu, 25 Sep 2014 21:56:24 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd: Non-upstream patches for bash

On Thu, Sep 25, 2014 at 11:19:24PM +0530, Huzaifa Sidhpurwala wrote:
> Based on the current situation and the fact that there is confusion
> about what patch to use for the bash issue. I wanted to post this here.

Thanks!

> From: Florian Weimer <fweimer@...hat.com>
[...]
> Internal analysis revealed two out-of-bounds array accesses in the bash
> parser. This was also independently and privately reported by Todd
> Sabin <tsabin@...online.net>.

Have these been reported upstream?

What's the oldest version of bash affected by them? Your reproducers
didn't trigger any obvious misbehavior here with 3.1.8 with lots of
unrelated patches. Of course, this does not mean much, but maybe these
issues are in fact 3.2+?

Alexander