Your message dated Thu, 25 Sep 2014 22:48:37 +0000 with message-id <e1xxhq1-000083...@franck.debian.org> and subject line Bug#762761: fixed in bash 4.1-3+deb6u2 has caused the Debian Bug report #762761, regarding Re: Bug#762760: bash: CVE-2014-7169 due to incomplete fix to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 762761: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762761 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: bash Version: 4.2+dfsg-0.1+deb7u1 Severity: grave Tags: security http://seclists.org/oss-sec/2014/q3/679 root@diatom:/tmp/empty>bash --version GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu) Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. root@diatom:/tmp/empty>ls root@diatom:/tmp/empty>X='() { function a a>\' bash -c gohomeyourdrunk bash: X: line 1: syntax error near unexpected token `a' bash: X: line 1: `' bash: error importing function definition for `X' root@diatom:/tmp/empty>ls gohomeyourdrunk root@diatom:/tmp/empty> -- see shy jo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: bash Source-Version: 4.1-3+deb6u2 We believe that the bug you reported is fixed in the latest version of bash, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated bash package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 26 Sep 2014 00:10:13 +0200 Source: bash Binary: bash bash-static bash-builtins bash-doc bashdb Architecture: source all amd64 Version: 4.1-3+deb6u2 Distribution: squeeze-lts Urgency: high Maintainer: Matthias Klose <d...@debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: bash - The GNU Bourne Again SHell bash-builtins - Bash loadable builtins - headers & examples bash-doc - Documentation and examples for the The GNU Bourne Again SHell bash-static - The GNU Bourne Again SHell (static version) bashdb - The GNU Bourne Again SHell Debugger Closes: 762760 762761 Changes: bash (4.1-3+deb6u2) squeeze-lts; urgency=high . * Non-maintainer upload by the Security Team. * Add variables-affix.patch patch. Apply patch from Florian Weimer to add prefix and suffix for environment variable names which contain shell functions. * Add parser-oob.patch patch. Fixes two out-of-bound array accesses in the bash parser. * Add CVE-2014-7169.diff diff. CVE-2014-7169: Incomplete fix for CVE-2014-6271. (Closes: #762760, #762761) Checksums-Sha1: 184bc50031cb14c7c34c33160bac67c7c9ac958f 1492 bash_4.1-3+deb6u2.dsc 97bc09677759cc4009a129cf574301f54a30dfc8 85777 bash_4.1-3+deb6u2.diff.gz 11d84b8c6c44b22856a886f18f6e4aea84da37fb 678314 bash-doc_4.1-3+deb6u2_all.deb f7d3cf7d97e2416d965f9f11685af1b589586a38 1328258 bash_4.1-3+deb6u2_amd64.deb a61de3da62f6abbfeb10f779f9e82ddaaccc8443 106852 bash-builtins_4.1-3+deb6u2_amd64.deb ee5da1eb1d39f6542749550810ee8ce9bf4f5f13 884112 bash-static_4.1-3+deb6u2_amd64.deb Checksums-Sha256: dcf440868e901733ce02389a5a357eb3eb4794de48ad45d813946168e900f524 1492 bash_4.1-3+deb6u2.dsc e64ee3179d581b8274ca245661fb713d532f861b369e9a1f1319df1c34c46012 85777 bash_4.1-3+deb6u2.diff.gz 8c9e6467f24c3837d4d03801f9abbbb03f7447fabb85ad68e15690c500a77f4d 678314 bash-doc_4.1-3+deb6u2_all.deb 7400f04d074f1699a1993fb79e16d77531fae5739122d87db80ea128cbd62275 1328258 bash_4.1-3+deb6u2_amd64.deb 15d75c3fcfe3b7d0b9196fed15ca951101ffd82845bfc66224bf8dd151fcd4de 106852 bash-builtins_4.1-3+deb6u2_amd64.deb eec0ef7041c9ed999958ad1aa389da3c33a1bf1f9265eb2d7e9fb6728c198e95 884112 bash-static_4.1-3+deb6u2_amd64.deb Files: b01b6c1fa57365c86af7674f286f086b 1492 base required bash_4.1-3+deb6u2.dsc 565e6ccf144d817df95f956a6b6a49d1 85777 base required bash_4.1-3+deb6u2.diff.gz 31f749233b5dff0b2c3d7ba878f3c769 678314 doc optional bash-doc_4.1-3+deb6u2_all.deb ecac954e1879785164537809c6d0d053 1328258 shells required bash_4.1-3+deb6u2_amd64.deb 2ef90833c809470c1a79960b817c4a2e 106852 utils optional bash-builtins_4.1-3+deb6u2_amd64.deb bdc1a77978d90544b792751982423ce4 884112 shells optional bash-static_4.1-3+deb6u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUJJfBAAoJEFb2GnlAHawElcIH/RH9oZhc7JVAPUcYQ9PpRsHn tZdMbFrR4tHTUkvi9x8af8V4jpeoEzLaxW2aZkFsdvn4kAje9ghnX0BzDFl9qb8r KoWvEsGuwEELyVNOCHWMteg2kTUhVZduWVu0DwzlbG53lUn7N/HWQ8haSTSX1/TH +QVhmwQ8DXlNChA6fQ5NLP36jHO7lbRRYeLG7pEzlbFzve4WCK/yb/hci5AiSHQ9 ZH7xAiZlQAnzx1CWUNnT8QgdUxPhXg1MEGJ7rtl4soDB6dngxCP0Uen9NYAb8PY6 l7AeGYecobZ3Em78d66Kola/IGnaVq3kcHHDRspeiUzsUunxb3v5pmszcthKsgg= =SmT0 -----END PGP SIGNATURE-----
--- End Message ---
