[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patch to Vulnerability Linkage
From: |
Nathan McGarvey |
Subject: |
Re: Patch to Vulnerability Linkage |
Date: |
Fri, 3 Oct 2014 10:06:17 -0400 |
Thanks much for the list and all the rapid patch releases as of late. Good
stuff.
-Nathan
On Fri, Oct 3, 2014 at 8:56 AM, Chet Ramey <chet.ramey@case.edu> wrote:
> On 10/3/14, 4:55 AM, Nathan McGarvey wrote:
> > Is there any linkage between bash patches and known CVE (or any other
> > database) IDs? (Source-code comment, bug-tracker, etc.)
> > I understand that there is not a one<->one relationship, but for the
> > bug-fixes that do pertain to one or more vulnerability entry, it may be
> > beneficial to outright state "this patch is designed to fix X".
>
> Yes, here's a list. I lose track of the CVE IDs myself.
>
> bash43-025 CVE-2014-6271 9/24/2014
> bash43-026 CVE-2014-7169 9/26/2014
> bash43-027 exported function namespace change 9/27/2014
> bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014
> bash43-029 CVE-2014-6277 10/2/2014
>
> There is still one more, for CVE-2014-6278, that I have to do some minor
> work on before rolling out patches.
>
> Chet
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
> ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, ITS, CWRU chet@case.edu
> http://cnswww.cns.cwru.edu/~chet/
>