[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2014-7187 and CVE-2014-6278

From: Greg Wooledge
Subject: Re: CVE-2014-7187 and CVE-2014-6278
Date: Mon, 17 Nov 2014 11:53:08 -0500
User-agent: Mutt/

On Mon, Nov 17, 2014 at 04:22:53PM +0000, Stephane Chazelas wrote:
> The real bug doesn't have a CVE attached to it because it's not
> a vulnerability or bug. It was "allowing the bash parser to be
> exposed to untrusted data", more a very unsafe design that was
> allowing any minor bug to turn into serious vulnerabilities.

Apparently I'm not very good at reading the vague, cryptic wording
in these CVE reports.

What I was trying to say originally was the same thing that you said;
namely, that the real fix to all this mess is bash43-027 which changes
the implementation of exported functions from foo='...' to

reply via email to

[Prev in Thread] Current Thread [Next in Thread]