On Wed, Oct 08, 2014 at 09:39:39AM +0000, Stuart Henderson wrote: > On 2014-10-08, Jason Adams <adams...@gmail.com> wrote: > > On 09/29/2014 05:00 AM, Peter Hessler wrote: > >> You tested bash. All 3 shells are behaving correctly by passing the env > >> variable to the bash command you are running. the bash command you are > >> running is behaving incorrectly by parsing the variable as a function. > > > > So the question is, for those of us that have added the bash package, > > why is bash still vulnerable after all these weeks, when everyone else has > > fixed > > their bash packages? > > > > Just checked for updated pkg, today, and its still vulnerable. > > Release packages (e.g. in $mirror/pub/OpenBSD/5.5/packages/amd64) > do not get updated after the release is built. (Yes this means 5.6 too - > the cut-off point was around early August). > > There are updates in the 5.5-stable ports tree that you can build > yourself (see the faq), or see https://stable.mtier.org/ (third-party).
How affiliate mtier with OpenBSD? Is it safe method/source for update? Who they are?