Date: Fri, 7 Oct 2016 10:45:16 -0400 From: Chet Ramey <chet.ramey@...e.edu> To: Leo Famulari <leo@...ulari.name>, oss-security@...ts.openwall.com Cc: chet.ramey@...e.edu, john.haxby@...cle.com Subject: Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME On 9/27/16 4:55 PM, Leo Famulari wrote: > On Fri, Sep 16, 2016 at 03:56:01PM -0400, Chet Ramey wrote: >>>> I believe the fix in parse.y is this (Chet, please correct me if I'm wrong): >>> >>> Yes, that is the current fix for this. There are other ways to do it. >> >> Here's a patch to bash-4.3 that will fix this. > > Hi Chet, > > Thanks for the patch! Do you plan to add it to the bash-4.3-patches > series ? This went out as bash-4.3 patch 47. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet@...e.edu http://cnswww.cns.cwru.edu/~chet/ Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ