On Wed 24 Sep 2014 at 16:52:50 -0400, Steve Litt wrote: > Bash Code Injection Vulnerability via Specially Crafted Environment > Variables (CVE-2014-6271) > > https://access.redhat.com/articles/1200223
[Snip] Nearly 50 minutes before your mail we had: To: [email protected] From: Iain M Conochie <[email protected]> Subject: bad bash bug Received: from bendel.debian.org ([127.0.0.1]) by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525) with ESMTP id nEctwXCEm6Rb for <[email protected]>; Wed, 24 Sep 2014 20:07:06 +0000 (UTC) 6 hours prior to that there was: To: [email protected] From: Florian Weimer <[email protected]> Received: from bendel.debian.org ([127.0.0.1]) by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525) with ESMTP id PC1cdgYAoqvP for <[email protected]>; Wed, 24 Sep 2014 14:06:15 +0000 (UTC) > Does anyone know if there's an fix for Debian's bash, and how to install > it? As shown above - at least two people knew. Reading debian-user isn't obligatory, even if you subscribe to it. You should consider subscribing to debian-security-announce. Installing a security upgrade? We have this little program called apt-get and a security archive. I'd advise you to become familiar with the ins and outs of Debian. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
