Your message dated Fri, 26 Sep 2014 16:17:05 +0000 with message-id <e1xxycf-00039z...@franck.debian.org> and subject line Bug#762760: fixed in bash 4.2+dfsg-0.1+deb7u2 has caused the Debian Bug report #762760, regarding bash: CVE-2014-7169: Incomplete fix for CVE-2014-6271 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 762760: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: bash Version: 4.2+dfsg-0.1+deb7u1 Severity: grave Tags: security http://seclists.org/oss-sec/2014/q3/679 root@diatom:/tmp/empty>bash --version GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu) Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. root@diatom:/tmp/empty>ls root@diatom:/tmp/empty>X='() { function a a>\' bash -c gohomeyourdrunk bash: X: line 1: syntax error near unexpected token `a' bash: X: line 1: `' bash: error importing function definition for `X' root@diatom:/tmp/empty>ls gohomeyourdrunk root@diatom:/tmp/empty> -- see shy josignature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: bash Source-Version: 4.2+dfsg-0.1+deb7u2 We believe that the bug you reported is fixed in the latest version of bash, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated bash package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 25 Sep 2014 07:23:43 +0200 Source: bash Binary: bash bash-static bash-builtins bash-doc Architecture: source all amd64 Version: 4.2+dfsg-0.1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Matthias Klose <d...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: bash - GNU Bourne Again SHell bash-builtins - Bash loadable builtins - headers & examples bash-doc - Documentation and examples for the The GNU Bourne Again SHell bash-static - GNU Bourne Again SHell (static version) Closes: 762760 762761 Changes: bash (4.2+dfsg-0.1+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2014-7169.diff diff. CVE-2014-7169: Incomplete fix for CVE-2014-6271. (Closes: #762760, #762761) Checksums-Sha1: 3b3f1bb29cd47318290b811ef44d969f0f53942b 2169 bash_4.2+dfsg-0.1+deb7u2.dsc bcaee2379421890e7afa1b15a3ffe12aa809f801 89830 bash_4.2+dfsg-0.1+deb7u2.diff.gz 39489825c44e6e9cc2e243c3853bd95b789475b0 695726 bash-doc_4.2+dfsg-0.1+deb7u2_all.deb 04d7cf33fb9b601fca129151b8e31ff5c596f99c 1500310 bash_4.2+dfsg-0.1+deb7u2_amd64.deb 21c76ff6e420994be1a35a31efa1a1a1ab77a81f 112640 bash-builtins_4.2+dfsg-0.1+deb7u2_amd64.deb 9f8255147a14f6897396fe080c21f9e08e317e68 939248 bash-static_4.2+dfsg-0.1+deb7u2_amd64.deb Checksums-Sha256: 01691a144b510cae4d9d09fe308397bcde8f54002787999234418a3d62273dd6 2169 bash_4.2+dfsg-0.1+deb7u2.dsc 6c087121e3dc1dde98e1c53590cbb538fe063481e3eab396b958b89cb05030d5 89830 bash_4.2+dfsg-0.1+deb7u2.diff.gz f41624735cd53036c3ae7b0b680b56b3649e8355995922105b669a2c55c5fce5 695726 bash-doc_4.2+dfsg-0.1+deb7u2_all.deb 3a40fae085f1eade16e75e5b0aacf0a47217538c2551d3f6b924e389dc50b64d 1500310 bash_4.2+dfsg-0.1+deb7u2_amd64.deb e64c4ea1826f845c0ddef711391d2b0afb3d7d2d32ce2da6f6000a62d6464609 112640 bash-builtins_4.2+dfsg-0.1+deb7u2_amd64.deb c51cf749db53f8531f0f58c284f12779c727a11cb82a4276f880f7ede66e1395 939248 bash-static_4.2+dfsg-0.1+deb7u2_amd64.deb Files: 0075ec8d94c11fa9a9269fd3526f4f4e 2169 base required bash_4.2+dfsg-0.1+deb7u2.dsc ab2a2f8d3eab8a42cf53e3e28b99ff96 89830 base required bash_4.2+dfsg-0.1+deb7u2.diff.gz 4e2b46b31fc5bdfaed3c4a634dcc25db 695726 doc optional bash-doc_4.2+dfsg-0.1+deb7u2_all.deb d17ae7ad0c8175c25ecb1cd07546709d 1500310 shells required bash_4.2+dfsg-0.1+deb7u2_amd64.deb 15d0e6837813b7efe56bbfdcddc097d3 112640 utils optional bash-builtins_4.2+dfsg-0.1+deb7u2_amd64.deb 8ed30126a4dda6e824b84d04adfbf6e2 939248 shells optional bash-static_4.2+dfsg-0.1+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUI8L8AAoJEAVMuPMTQ89EJRUP/0oXcwhyIJs7DRceFF6zUiA/ sqpn3q+6MFS4+drLGZY1H9B9v0Bfypcg8MWvkxPTCjdc7zoEiGkbxPgoF6XdAMFr UMgYf0XO7cBjcT1BSF00tunIHbS3McRZat5gEnb53G5GpuDQ9uk/0OhzBUsqtbrf E50j1LSDFSH2xrRC2URMeWQCGdok33buuKAI0n2W5stp/ks0g4XQoHQcKWChvTal FixE2R85efBRdspvZj7npkLxBi/cuVZK/2kJ4PG6LHTiN749dkNUPUwhR/BPQTZa 5MYBdsz2X5vGC8CUpqTSjgxLnM0wH6HzxozSY9+R6rynRrHjHzaEyA1iIMjOeBqK F3GxbZaRBn+UxRSLFHIgweIs+XQpmqTjmPYG6rTGz6Uphrzib3pkU2iW6q7LdRfg 4nFAm/3vPQFjhW1zf4C/438KU5NyWAJbLJSw6NXsc6Gr2OVql/gyXUf9MoGhOp2W MNA402QXJa1mz4yxQOThKbjpbfT4+wFVgaOL9OAL96t9DvaEysUdBRAuloskqQSi RrRvSYAyTB9i9V1hIY9zi6u7XG6lyynPz+CQ0rtGfl3YDgxiJXFgxGo1vf4A9ITA BZDc2n6i3ULfP1bBByc/hZIMQQAz1LBtug8W/LYSip9I2m4RCKKoouXOH08ADYJ0 P6zyoEo6zdAudQ82H2+H =polO -----END PGP SIGNATURE-----
--- End Message ---