Re the above: the patch was *not* correctly applied in trusty package
bash_4.3-7ubuntu1.2.
lucid package bash_4.3-7ubuntu1.2 appears to have been upgraded fine,
and handles the test case correctly.
harry@mars:~$ md5sum Downloads/bash_4.3-7ubuntu1.1_amd64/bin/bash
Downloads/bash_4.3-7ubuntu1.2_amd64/bin/bash
3c263963be49239e113a5794d54b732a Downloads/bash_4.3-7ubuntu1.1_amd64/bin/bash
3c263963be49239e113a5794d54b732a Downloads/bash_4.3-7ubuntu1.2_amd64/bin/bash
harry@mars:~$ md5sum Downloads/bash_4.2-2ubuntu2.2_amd64/bin/bash
Downloads/bash_4.2-2ubuntu2.3_amd64/bin/bash
d63ff62f142e76205e89e4a4de553fec Downloads/bash_4.2-2ubuntu2.2_amd64/bin/bash
5ee533c7cd3a8246b4a3d7a29ffbe0b2 Downloads/bash_4.2-2ubuntu2.3_amd64/bin/bash
harry@mars:~$ env -i PATH="Downloads/bash_4.2-2ubuntu2.3_amd64/bin:$PATH" X='()
{ (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
date
cat: echo: No such file or directory
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1373781
Title:
bash incomplete fix for CVE-2014-6271
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
