Hi Denny, On Thu, September 25, 2014 19:35, Denny Bortfeldt wrote: > Is it possible to fix also the 2nd part so that bash is really not > vulnerable at all? I saw that Gentoo patched the bash also twice.
It's indeed known that the bash fixes are incomplete. I would like to stress that the current fixes in bash already address a significant part of the attack possibilities so I'd strongly advise everyone to proceed with upgrading your systems now even if a further update may be forthcoming. Of interest may be the current patches that Huzaifa Sidhpurwala just posted to oss-security which sum up the current state of affairs of dealing with the shortcomings of the first patch. http://marc.info/?l=oss-security&m=141166689117442&w=2 Cheers, Thijs -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
