On 13/10/14 at 03:50pm, Georgi Guninski wrote: > lol :) > > https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002679.html > > USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the > patch > for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS > package. This update fixes the problem. > > We apologize for the inconvenience.
Don't trust distro that do not use vanilla packages (like Debian, of course). Try to trust who build vanilla packages; usually developers know much more on their software than an anonymous packager. For example, I cite ArchLinux [1] where it is clear that they take patches directly from [2]. Have a nice day [1] https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bash&id=6faff0d7b1cc951d8bf949b142d070788a8f56e2 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
