Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 7 Feb 2017 20:19:19 -0500
From: <cve-assign@...re.org>
To: <jens.heyens@...pa.saarland>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<stock@...uni-saarland.de>
Subject: Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
> http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715

Use CVE-2017-5932.

The scope of this CVE is the single vulnerability resulting from the
combination of the "Double dequoting of dirname" issue and the "Flags
not being forwarded in expand_word_internal" issue.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYmm+6AAoJEHb/MwWLVhi2m+gP/A9e0TfQWk4soMJkiZCQAOBt
yGI3xQtDUWGqMBvKTajCNufdRRU3mTjWmf5RDZNmF6HRbinwqiMSxUDpWC/+Rofk
CD/8u0VHRVuZ1DLiN1mbhjLlbZxWxzCX4uJgU5fabYTXxvbnIK36mxNS+MSa9dr/
zUBMs7eOM19wcNcbVr53sURjEqroEKB7qX+JxE1kSvh8BxDi/mLDM5AAQk8cOXPh
qK+cPhejya1QMq16iozxZsOdd7gsiPE63TGBYjXeoN40ypmfNDduPe474gnIyChc
kfKpjWT9+8SwyC8MPmteEJkdgTtJymmoxh7u9Z13KPNjZrafvbVH1HokwwGRkzGo
J5rg6wWE0JOF72t3f+v3abZYaoETuGjeSWKU/v0qTdQQnFYOVN7s6VvDTd/Uc0lD
0a/ZZl4QvQ/gl5gczAU8rElVTZcQ/DnEwGy2vkbs9vu1/Baxf+v7Hs6r2oaGLbgN
HixcoyE9P0ftuqXqEjnS6juXGijl7Yrg/lbWKidbuL+G+u09XY6qzI03+2MPNScA
xtDxwQHXY7htROuvWuWW1kSFwAL28hvdA4b0Qi3s7OfgW+X6obaVR5JTeAvPNFQN
2LU3ZS5Qi5yjBX9iB1/nuybLCxN/5JCBQgvAij6dV1PAD2IiO4Kz3wC8uPV5D+eb
NuHugptNphEzgZaSOI5u
=v+0f
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ