Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Sep 2016 11:32:01 -0700
From: Seth Arnold <>
To: John Haxby <>
	Jan Schaumann <>,
	"chet.ramey" <>
Subject: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME

On Sun, Sep 18, 2016 at 08:06:57PM +0100, John Haxby wrote:
> >>> A little while ago, one of our users discovered that by setting the
> >>> hostname to $(something unpleasant), bash would run "something
> >>> unpleasant" when it expanded \h in the prompt string.
> > 
> > This issue has been public since October, 2015 in Ubuntu's bug tracking
> > system.
> > 
> Yes, the message was more to let people know that CVE-2016-0634  had
> been assigned for this issue.   Do you have a link to the Ubuntu issue
> and a different CVE number?

Hello John; we did not assign a CVE number for this issue.

Bernd Dietzel reported it at:


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ