On 2014-10-04 16:12:57 -0400 (-0400), Kevin wrote: > Hello. I am wondering if we have any knew info on shellshock? How > much of a threat is it at this point?
This is pretty off-topic as it has nothing whatsoever to do with cryptography. You should check out the oss-security mailing list[1] instead, which has several active discussion threads on that subject at the moment. That said, it was basically all solved with the prefix patch, and all the other related patches at this point are just optional parser hardening fixes. The current state of discussion is mostly putting together post-mortem timelines (the most recent epiphany seems to be that the behavior was introduced 25 years ago in the 1.03 release and was at the time announced as a positive feature). > Patch Tuesday anyone? Huh? You mean for Microsoft's "MS-Bash[TM]" fork? [1] http://www.openwall.com/lists/oss-security/ -- Jeremy Stanley _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
