Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 01 Oct 2014 21:48:45 -0400
From: Chet Ramey <>
To: Shawn <>
Subject: Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)

On 10/1/14, 5:11 PM, Shawn wrote:
> On Thu, Oct 2, 2014 at 5:08 AM, Chet Ramey <> wrote:
>> On 10/1/14, 5:04 PM, Shawn wrote:
>> Nope, this one fixes 7168/7169.  It's the equivalent of the
>> `parser-oob' patch.
>> I have patches that fix 6277/6278 that are in the pipeline.
> oh, s0rry for the mistake...that'd be great if we can get the patch as
> quickly as possible. Thanks.

I hope to have them by the end of the week.  It's a backporting issue:
the fix I have for 6278 uses capabilities not in previous versions of bash.
There's a very simple fix that can be used in a pinch, but it doesn't
prevent the function from being defined.


``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ