bash 4.3.29 released on savannah.gnu.org/projects/bash/ (= "4.3.28" + 3 line patch)
Fixes previously cited bugs. Douglas On 2/10/14 11:46 PM, Douglas Ray wrote: > > > On 2/10/14 8:42 AM, Sam Varghese wrote: > >> Fixes for older versions of OS X are available here: >> >> http://tenfourfox.blogspot.com.au/2014/09/bashing-bash-one-more-time-updated.html >> >> Sam >> _______________________________________________ >> luv-main mailing list >> [email protected] >> http://lists.luv.asn.au/listinfo/luv-main >> > > That claims to be an update for > CVE-2014-7186 > CVE-2014-7187 > > The version number "4.3.28" is unofficial (not on savannah.gnu.org > at time of writing). > > The two CVEs cite > http://openwall.com/lists/oss-security/2014/09/25/32 > http://openwall.com/lists/oss-security/2014/09/26/2 > http://openwall.com/lists/oss-security/2014/09/28/10 > for example bug demo, patches and discussion. > > Those discussions note that these "out by one" bugs are not > remotely accessible in the current (official) 4.3.27. > > Douglas > _______________________________________________ > luv-main mailing list > [email protected] > http://lists.luv.asn.au/listinfo/luv-main > _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
