Hi Dan and Yann, On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <[email protected]> wrote: > Hi, > > Yes, it is vulnerable. > But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will find > this package in my experimental repository > http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon land > in unstable and testing repositories. > > However the story is not finished as the current fix doesn't yet solve all > the problems, another CVE has been issued to track the remaining ones: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 > > Expect another update when the new security fix is out. > > Yann >
Thank you very much for that information. Meanwhile I had compiled my own bash binary using source package and the patch. But I wasn't really aware there is another issue not fixed yet. Glad I posted this question. Thanks again. Upen
