Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Sep 2014 21:36:47 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE-2014-6271: remote code execution through bash

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MITRE is currently using CVE-2014-7169 to track the report of the
incomplete patch, i.e., incorrect function parsing that's present in
builds that are up-to-date with the
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 changes. We
realize that other people may be releasing further information about
the technical details and implications later. CVE-2014-7169 expresses
the affected upstream versions as "GNU Bash through 4.3 bash43-025" --
in general, this would include distribution packages released earlier
today (2014-09-24).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUI3DaAAoJEKllVAevmvms+/kH/32ZGjC+BSqKoz6ZBUCMLnQ2
+Li91/GvD0Rs8bqKPDsz30spiJR57ZluKMrlxJrlIffiHqAFiYkQ3+JXmnK/HAnA
OtgToNtZ+1BV2jPrjXhuy2h+E5paTXMhM0T12xaUo89vtE7oer4Pld4JDqreXSSk
1Nfu5AaGcvbBmwaNRn1qw+nARw0CFPmMRa169jQAesAAcyNx8V7IPgFpPj4K4S8c
0zKXVdhIZxXvPcdZ5QzXKhcluOyOl1dJsjXR1qXT03QJsvhRighqb/3dZy+4mLyl
JWhDfs7l8XXGCzbF8eSg2CNBpTGy1d/32F7YqaKj53xWFWyktHtbk4nJ5hlPlKU=
=E9tp
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ