Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Oct 2014 21:51:25 +0000
From: "Henry, Bobby" <Bobby.Henry@...edient.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	"Chet Ramey" <chet.ramey@...e.edu>
Subject: RE: more bash parser bugs (CVE-2014-6277,
 CVE-2014-6278)

I agree, there's gotta be something we can send him for all the hard work.
- Bobby

-----Original Message-----
From: Ed Prevost [mailto:me@...ardprevost.info] 
Sent: Wednesday, October 01, 2014 5:46 PM
To: oss-security@...ts.openwall.com; Chet Ramey
Subject: Re: [oss-security] more bash parser bugs (CVE-2014-6277, CVE-2014-6278)

On 10/1/2014 2:11 PM, Shawn wrote:
> On Thu, Oct 2, 2014 at 5:08 AM, Chet Ramey <chet.ramey@...e.edu> wrote:
>> On 10/1/14, 5:04 PM, Shawn wrote:
>>> http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
>> Nope, this one fixes 7168/7169.  It's the equivalent of the 
>> `parser-oob' patch.
>>
>> I have patches that fix 6277/6278 that are in the pipeline.
>>
> oh, s0rry for the mistake...that'd be great if we can get the patch as 
> quickly as possible. Thanks.
>
>> --
>> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>>                  ``Ars longa, vita brevis'' - Hippocrates
>> Chet Ramey, ITS, CWRU    chet@...e.edu    http://cnswww.cns.cwru.edu/~chet/
>
>
Really!? Honestly!? "as quickly as possible"

Man, we really should rally together and at least send Chet a recovery beer basket or something.

--Ed
Application & Network Security, Research Scientist http://EdwardPrevost.info https://twitter.com/@...ardPrevost

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ