A NOTE has been added to this issue. ====================================================================== https://www.opencsw.org/mantis/view.php?id=5208 ====================================================================== Reported By: laurent Assigned To: ====================================================================== Project: bash Issue ID: 5208 Category: regular use Reproducibility: have not tried Severity: block Priority: normal Status: new ====================================================================== Date Submitted: 2014-09-25 09:46 CEST Last Modified: 2014-09-25 10:40 CEST ====================================================================== Summary: Major vulnerabilities in bash Description: It's been reported that the recently announced vulnerabilities in bash are impacting OpenCSW's.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 ====================================================================== ---------------------------------------------------------------------- (0010922) laurent (developer) - 2014-09-25 10:40 https://www.opencsw.org/mantis/view.php?id=5208#c10922 ---------------------------------------------------------------------- >From the m/l: Hi, Yes, it is vulnerable. But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will find this package in my experimental repository http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon land in unstable and testing repositories. However the story is not finished as the current fix doesn't yet solve all the problems, another CVE has been issued to track the remaining ones: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 Expect another update when the new security fix is out. Yann
