Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Oct 2014 18:45:10 +0000
From: "Menkhus, Mark (Global Cyber Security SSRT)" <mark.menkhus@...com>
To: Sona Sarmadi <sona.sarmadi@...a.com>, "oss-security@...ts.openwall.com"
	<oss-security@...ts.openwall.com>
CC: Solar Designer <solar@...nwall.com>
Subject: RE: more bash parser bugs (CVE-2014-6277,
 CVE-2014-6278)

Thanks, 

I was reading the list, but missed this one.  I shared it with a lot of my friends at HP!

Mark

-----Original Message-----
From: Sona Sarmadi [mailto:sona.sarmadi@...a.com] 
Sent: Thursday, October 02, 2014 12:35 PM
To: Menkhus, Mark (Global Cyber Security SSRT); oss-security@...ts.openwall.com
Cc: Solar Designer
Subject: RE: [oss-security] more bash parser bugs (CVE-2014-6277, CVE-2014-6278)


> What URL do I point to see the security bugs listed by CVE for CVE for 
> bash43-
> 25 through -28?
> 
> I didn't see it in the patches themselves - 
> ftp://ftp.cwru.edu/pub/bash/bash-4.3-patches
> 
> Sorry, I am new to bash culture,
> Mark Menkhus
> Hewlett Packard

Mark
Look here (from Michal 's post) for a summary of each CVE and corresponding upstream patches (GNU patches): 
http://www.openwall.com/lists/oss-security/2014/10/02/28 

/Sona

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ