Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 3 Oct 2014 10:28:24 +0000
From: Sona Sarmadi <>
To: "" <>
Subject: RE: more bash parser bugs (CVE-2014-6277,

> So there isn't still any specific patch for CVE-2014-6277 and CVE-2014-6278
> according to your post   (
> security/2014/10/02/28)?
> > * CVE-2014-6277 - uninitialized memory issue, almost certainly RCE
> > found by me. No specific patch yet.
> > * CVE-2014-6278 - command injection RCE found by me. No specific patch
> yet.
> But Florian's unofficial patch or its upstream version (bash43-027 & co)
> mitigates *ALL* these six so far known CVE, right?

I found some good answer here, thanks Michal :)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ