On 2/10/14 8:42 AM, Sam Varghese wrote:
> Fixes for older versions of OS X are available here: > > http://tenfourfox.blogspot.com.au/2014/09/bashing-bash-one-more-time-updated.html > > Sam > _______________________________________________ > luv-main mailing list > [email protected] > http://lists.luv.asn.au/listinfo/luv-main > That claims to be an update for CVE-2014-7186 CVE-2014-7187 The version number "4.3.28" is unofficial (not on savannah.gnu.org at time of writing). The two CVEs cite http://openwall.com/lists/oss-security/2014/09/25/32 http://openwall.com/lists/oss-security/2014/09/26/2 http://openwall.com/lists/oss-security/2014/09/28/10 for example bug demo, patches and discussion. Those discussions note that these "out by one" bugs are not remotely accessible in the current (official) 4.3.27. Douglas _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
