Excellent. Thanks so much Yann and the CSW team. On Fri, Sep 26, 2014 at 2:14 PM, Yann Rouillard <[email protected]> wrote: > Hi Upendra, > > FYI, the new security fix is out. The last opencsw bash package, > bash-4.3.25,REV=2014.09.26, contains that fix and is not vulnerable to > CVE-2014-7169. It should land soon in stable, testing and unstable > repositories on all opencsw mirrors. > > Yann > > > 2014-09-25 13:45 GMT+02:00 upen <[email protected]>: >> >> Hi Dan and Yann, >> >> On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <[email protected]> >> wrote: >> > Hi, >> > >> > Yes, it is vulnerable. >> > But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will >> > find >> > this package in my experimental repository >> > http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon >> > land >> > in unstable and testing repositories. >> > >> > However the story is not finished as the current fix doesn't yet solve >> > all >> > the problems, another CVE has been issued to track the remaining ones: >> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 >> > >> > Expect another update when the new security fix is out. >> > >> > Yann >> > >> >> Thank you very much for that information. Meanwhile I had compiled my >> own bash binary using source package and the patch. But I wasn't >> really aware there is another issue not fixed yet. Glad I posted this >> question. >> >> Thanks again. >> Upen > >
-- upen, emerge -uD life (Upgrade Life with dependencies)
