Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Oct 2016 10:45:16 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Leo Famulari <leo@...ulari.name>, oss-security@...ts.openwall.com
Cc: chet.ramey@...e.edu, john.haxby@...cle.com
Subject: Re: Re: CVE-2016-0634 -- bash prompt expanding
 $HOSTNAME

On 9/27/16 4:55 PM, Leo Famulari wrote:
> On Fri, Sep 16, 2016 at 03:56:01PM -0400, Chet Ramey wrote:
>>>> I believe the fix in parse.y is this (Chet, please correct me if I'm wrong):
>>>
>>> Yes, that is the current fix for this.  There are other ways to do it.
>>
>> Here's a patch to bash-4.3 that will fix this.
> 
> Hi Chet,
> 
> Thanks for the patch! Do you plan to add it to the bash-4.3-patches
> series [0]?

This went out as bash-4.3 patch 47.


-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@...e.edu    http://cnswww.cns.cwru.edu/~chet/



[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ