Date: Thu, 25 Sep 2014 21:56:24 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd: Non-upstream patches for bash

On Thu, Sep 25, 2014 at 11:19:24PM +0530, Huzaifa Sidhpurwala wrote:
> Based on the current situation and the fact that there is confusion
> about what patch to use for the bash issue, I wanted to post this here.

Thanks!

> From: Florian Weimer <fweimer@...hat.com>
[...]
> Internal analysis revealed two out-of-bounds array accesses in the bash
> parser.  This was also independently and privately reported by Todd
> Sabin <tsabin@...online.net>.

Have these been reported upstream?

What's the oldest version of bash affected by them?

Your reproducers didn't trigger any obvious misbehavior here with 3.1.8
with lots of unrelated patches.  Of course, this does not mean much, but
maybe these issues are in fact 3.2+?

Alexander
