Re: [PATCH 0/2] Add graft for Bash CVE-2017-5932

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/2] Add graft for Bash CVE-2017-5932

From:	Ludovic Courtès
Subject:	Re: [PATCH 0/2] Add graft for Bash CVE-2017-5932
Date:	Fri, 10 Feb 2017 16:48:21 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Ludovic Courtès <address@hidden> skribis:

> This patch fixes Bash CVE-2017-5932, which is a remote code execution
> vulnerability triggered by file name completion and disclosed on Wednesday:
>
>   
> https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
>   http://www.openwall.com/lists/oss-security/2017/02/07/9
>
> I'll apply it today if there are no objections.

Pushed!

I recommend updating since this issue becomes a real problem in
conjunction with browsers that download files without first opening a
dialog box, for example.

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/2] Add graft for Bash CVE-2017-5932, Ludovic Courtès, 2017/02/10
- [PATCH 1/2] gnu: bash: Update patch URL to 4.4., Ludovic Courtès, 2017/02/10
- [PATCH 2/2] gnu: bash: Add graft for patch #7 [fixes CVE-2017-5932]., Ludovic Courtès, 2017/02/10
- Re: [PATCH 0/2] Add graft for Bash CVE-2017-5932, Ludovic Courtès <=
- Re: [PATCH 0/2] Add graft for Bash CVE-2017-5932, Leo Famulari, 2017/02/11

Prev by Date: Re: [PATCH] gnu: Add tlp.
Next by Date: Re: [PATCH v3] gnu: Add dub-build-system.
Previous by thread: [PATCH 2/2] gnu: bash: Add graft for patch #7 [fixes CVE-2017-5932].
Next by thread: Re: [PATCH 0/2] Add graft for Bash CVE-2017-5932
Index(es):
- Date
- Thread