On Tue, Sep 20, 2016 at 04:55:30PM -0400, Leo Famulari wrote: Any advice on how we should handle CVE-2016-0634? http://seclists.org/oss-sec/2016/q3/534
Like the comment there says, it is only a problem if the machine has already been owned, so I don't see what the issue is. If there is an issue it is for the bash maintainers to patch. J' -- Avoid eavesdropping. Send strong encrypted email. PGP Public key ID: 1024D/2DE827B3 fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3 See http://sks-keyservers.net or any PGP keyserver for public key.
Description: Digital signature