Your message dated Thu, 25 Sep 2014 22:48:37 +0000
with message-id <[email protected]>
and subject line Bug#762761: fixed in bash 4.1-3+deb6u2
has caused the Debian Bug report #762761,
regarding Re: Bug#762760: bash: CVE-2014-7169 due to incomplete fix
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
762761: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762761
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bash
Version: 4.2+dfsg-0.1+deb7u1
Severity: grave
Tags: security
http://seclists.org/oss-sec/2014/q3/679
root@diatom:/tmp/empty>bash --version
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
root@diatom:/tmp/empty>ls
root@diatom:/tmp/empty>X='() { function a a>\' bash -c gohomeyourdrunk
bash: X: line 1: syntax error near unexpected token `a'
bash: X: line 1: `'
bash: error importing function definition for `X'
root@diatom:/tmp/empty>ls
gohomeyourdrunk
root@diatom:/tmp/empty>
--
see shy jo
--- End Message ---
--- Begin Message ---
Source: bash
Source-Version: 4.1-3+deb6u2
We believe that the bug you reported is fixed in the latest version of
bash, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated bash package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 26 Sep 2014 00:10:13 +0200
Source: bash
Binary: bash bash-static bash-builtins bash-doc bashdb
Architecture: source all amd64
Version: 4.1-3+deb6u2
Distribution: squeeze-lts
Urgency: high
Maintainer: Matthias Klose <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
bash - The GNU Bourne Again SHell
bash-builtins - Bash loadable builtins - headers & examples
bash-doc - Documentation and examples for the The GNU Bourne Again SHell
bash-static - The GNU Bourne Again SHell (static version)
bashdb - The GNU Bourne Again SHell Debugger
Closes: 762760 762761
Changes:
bash (4.1-3+deb6u2) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add variables-affix.patch patch.
Apply patch from Florian Weimer to add prefix and suffix for environment
variable names which contain shell functions.
* Add parser-oob.patch patch.
Fixes two out-of-bound array accesses in the bash parser.
* Add CVE-2014-7169.diff diff.
CVE-2014-7169: Incomplete fix for CVE-2014-6271. (Closes: #762760, #762761)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
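
A regression check built from the reproduction in the bug report above, as an added example that is not part of the original messages or of the Debian packaging: it runs the same environment value against a shell inside a throwaway directory and reports whether the stray file appears. The function name, the marker filename and the exit-code convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example: behavioural check for CVE-2014-7169, derived from the
# /tmp/empty session in the report.
# check_cve_2014_7169 [SHELL]  ->  0 = file not created (not affected)
#                                  1 = file created (affected)
#                                  2 = could not run the test
check_cve_2014_7169() {
    target=${1:-bash}
    # Resolve the shell through PATH up front; pass an absolute path to
    # test one specific binary (for example a bash-static build).
    target_path=$(command -v "$target") || return 2

    # Private empty directory, so any file that appears came from this run.
    workdir=$(mktemp -d) || return 2

    # Constructed marker name; it stands in for the command word used in
    # the report and is not expected to exist as a command.
    marker=cve_2014_7169_marker

    if (
        cd "$workdir" || exit 2
        # Same value of X as in the report. An affected bash fails to import
        # the function but still applies the leftover redirection to the
        # -c string, creating a file named after its first word.
        X='() { function a a>\' "$target_path" -c "$marker" >/dev/null 2>&1 || :
        if [ -e "$marker" ]; then exit 1; fi
        exit 0
    ); then
        status=0
    else
        status=$?
    fi

    rm -rf -- "$workdir"
    return "$status"
}
```

Run it as `check_cve_2014_7169 /bin/bash; echo $?` after installing the updated package; a result of 1 means the binary tested still shows the behaviour from the report.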