Date: Wed, 18 Feb 2015 20:32:04 -0500
From: Michael Gilbert <>
Subject: Re: Re: CVE Request: xdg-utils: xdg-open: command
 injection vulnerability

On Wed, Feb 18, 2015 at 1:35 PM, CVE assign wrote:
> Our understanding from
> is that
> the report has not identified a vulnerability (or even a bug) in dash.

It is probably at least a design flaw (and a reasonably
well-documented one at that [0]).  Bash on the other hand is not
vulnerable to the same class of problems:

$ cat testme
testme() {
   local x
   echo $x

$ bash testme

$ dash testme

Best wishes,

[0] $ man dash
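
Added example, not part of the original message: a portable check of the behaviour discussed above, where dash(1) documents that a variable made local inherits the value of the same-named variable in the surrounding scope, next to the explicit initialisation that behaves the same under bash and dash. The function names and the "from-caller" value are constructed for illustration.

```sh
#!/bin/sh
# Constructed demo: how an uninitialised `local` behaves in the running shell.

# Declares x local but never assigns it, then reports what it sees.
unsafe_local() {
    local x
    printf '%s' "$x"
}

# Hardened form: assign explicitly so an outer value cannot leak in.
safe_local() {
    local x=""
    printf '%s' "$x"
}

# Classify the running shell: "inherits" (dash-like) or "clean" (bash-like).
probe_local() {
    x="from-caller"          # constructed outer-scope value
    if [ "$(unsafe_local)" = "from-caller" ]; then
        echo inherits
    else
        echo clean
    fi
    unset x
}

# With an outer value set, the hardened function must still see nothing.
check_safe() {
    x="from-caller"
    result=$(safe_local)
    unset x
    [ -z "$result" ]
}

echo "local without assignment: $(probe_local)"
check_safe && echo "local x=\"\" is empty in this shell"
```

Run it once with `bash` and once with `dash` to compare the first line of output; the second line should appear under both.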
