Re: Patch to Vulnerability Linkage

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patch to Vulnerability Linkage

From:	Chet Ramey
Subject:	Re: Patch to Vulnerability Linkage
Date:	Fri, 03 Oct 2014 08:56:41 -0400
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 10/3/14, 4:55 AM, Nathan McGarvey wrote:
>     Is there any linkage between bash patches and known CVE (or any other
> database) IDs? (Source-code comment, bug-tracker, etc.)
>     I understand that there is not a one<->one relationship, but for the
> bug-fixes that do pertain to one or more vulnerability entry, it may be
> beneficial to outright state "this patch is designed to fix X".

Yes, here's a list.  I lose track of the CVE IDs myself.

bash43-025      CVE-2014-6271                           9/24/2014
bash43-026      CVE-2014-7169                           9/26/2014
bash43-027      exported function namespace change      9/27/2014
bash43-028      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash43-029      CVE-2014-6277                           10/2/2014

There is still one more, for CVE-2014-6278, that I have to do some minor
work on before rolling out patches.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

Patch to Vulnerability Linkage, Nathan McGarvey, 2014/10/03
- Re: Patch to Vulnerability Linkage, Chet Ramey <=
  - Re: Patch to Vulnerability Linkage, Stephane Chazelas, 2014/10/03
  - Re: Patch to Vulnerability Linkage, Nathan McGarvey, 2014/10/03

Prev by Date: Re: bash-2.05b patch 11 is missing from ftp.gnu.org
Next by Date: Re: Patch to Vulnerability Linkage
Previous by thread: Patch to Vulnerability Linkage
Next by thread: Re: Patch to Vulnerability Linkage
Index(es):
- Date
- Thread