[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201409-09.xml glsa-201409-10.xml

[Tobias Heinlein (keytoaster)]

keytoaster14/10/04 22:28:19

  Modified: glsa-201409-09.xml glsa-201409-10.xml
  Log:
  Add SLOTs to resolution, bug #524062, thanks to Nick Bowler for reporting.

Revision  ChangesPath
1.2  xml/htdocs/security/en/glsa/glsa-201409-09.xml

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-09.xml?rev=1.2view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-09.xml?rev=1.2content-type=text/plain
diff : 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-09.xml?r1=1.1r2=1.2

Index: glsa-201409-09.xml
===
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201409-09.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- glsa-201409-09.xml  24 Sep 2014 22:18:13 -  1.1
+++ glsa-201409-09.xml  4 Oct 2014 22:28:19 -   1.2
@@ -9,7 +9,7 @@
   /synopsis
   product type=ebuildbash/product
   announcedSeptember 24, 2014/announced
-  revisedSeptember 24, 2014: 3/revised
+  revisedOctober 04, 2014: 4/revised
   bug523592/bug
   accesslocal, remote/access
   affected
@@ -43,28 +43,28 @@
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.1_p18
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.1_p18:3.1
 /code
 
 pAll Bash 3.2 users should upgrade to the latest version:/p
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.2_p52
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.2_p52:3.2
 /code
 
 pAll Bash 4.0 users should upgrade to the latest version:/p
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.0_p39
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.0_p39:4.0
 /code
 
 pAll Bash 4.1 users should upgrade to the latest version:/p
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.1_p12
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.1_p12:4.1
 /code
 
 pAll Bash 4.2 users should upgrade to the latest version:/p
@@ -79,5 +79,5 @@
 uri 
link=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6271;CVE-2014-6271/uri
   /references
   metadata tag=requester timestamp=Wed, 24 Sep 2014 16:00:19 
+a3li/metadata
-  metadata tag=submitter timestamp=Wed, 24 Sep 2014 22:06:57 
+a3li/metadata
+  metadata tag=submitter timestamp=Sat, 04 Oct 2014 22:25:14 
+a3li/metadata
 /glsa



1.2  xml/htdocs/security/en/glsa/glsa-201409-10.xml

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-10.xml?rev=1.2view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-10.xml?rev=1.2content-type=text/plain
diff : 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-10.xml?r1=1.1r2=1.2

Index: glsa-201409-10.xml
===
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201409-10.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- glsa-201409-10.xml  25 Sep 2014 13:39:43 -  1.1
+++ glsa-201409-10.xml  4 Oct 2014 22:28:19 -   1.2
@@ -10,7 +10,7 @@
   /synopsis
   product type=ebuildbash/product
   announcedSeptember 25, 2014/announced
-  revisedSeptember 25, 2014: 1/revised
+  revisedOctober 04, 2014: 2/revised
   bug523592/bug
   accesslocal, remote/access
   affected
@@ -49,28 +49,28 @@
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.1_p18-r1
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.1_p18-r1:3.1
 /code
 
 pAll Bash 3.2 users should upgrade to the latest version:/p
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.2_p52-r1
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.2_p52-r1:3.2
 /code
 
 pAll Bash 4.0 users should upgrade to the latest version:/p
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.0_p39-r1
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.0_p39-r1:4.0
 /code
 
 pAll Bash 4.1 users should upgrade to the latest version:/p
 
 code
   # emerge --sync
-  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.1_p12-r1
+  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.1_p12-r1:4.1
 /code
 
 pAll Bash 4.2 users should upgrade to the latest version:/p
@@ -87,7 +87,7 @@
   metadata tag=requester timestamp=Thu, 25 Sep 2014 12:49:54 +
 keytoaster
   /metadata
-  metadata tag=submitter timestamp=Thu, 25 Sep 2014 

[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201409-09.xml

[Alex Legler (a3li)]

a3li14/09/24 22:18:13

  Added:glsa-201409-09.xml
  Log:
  GLSA 201409-09

Revision  ChangesPath
1.1  xml/htdocs/security/en/glsa/glsa-201409-09.xml

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-09.xml?rev=1.1view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201409-09.xml?rev=1.1content-type=text/plain

Index: glsa-201409-09.xml
===
?xml version=1.0 encoding=UTF-8?
?xml-stylesheet href=/xsl/glsa.xsl type=text/xsl?
?xml-stylesheet href=/xsl/guide.xsl type=text/xsl?
!DOCTYPE glsa SYSTEM http://www.gentoo.org/dtd/glsa.dtd;
glsa id=201409-09
  titleBash: Code Injection/title
  synopsisA parsing flaw related to functions and environments in Bash could
allow attackers to inject code.
  /synopsis
  product type=ebuildbash/product
  announcedSeptember 24, 2014/announced
  revisedSeptember 24, 2014: 3/revised
  bug523592/bug
  accesslocal, remote/access
  affected
package name=app-shells/bash auto=yes arch=*
  unaffected range=rge3.1_p18/unaffected
  unaffected range=rge3.2_p52/unaffected
  unaffected range=rge4.0_p39/unaffected
  unaffected range=rge4.1_p12/unaffected
  unaffected range=ge4.2_p48/unaffected
  vulnerable range=lt4.2_p48/vulnerable
/package
  /affected
  background
pBash is the standard GNU Bourne Again SHell. /p
  /background
  description
pStephane Chazelas reported that Bash incorrectly handles function
  definitions, allowing attackers to inject arbitrary code.
/p
  /description
  impact type=high
pA remote attacker could exploit this vulnerability to execute arbitrary
  commands even in restricted environments.
/p
  /impact
  workaround
pThere is no known workaround at this time./p
  /workaround
  resolution
pAll Bash 3.1 users should upgrade to the latest version:/p

code
  # emerge --sync
  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.1_p18
/code

pAll Bash 3.2 users should upgrade to the latest version:/p

code
  # emerge --sync
  # emerge --ask --oneshot --verbose gt;=app-shells/bash-3.2_p52
/code

pAll Bash 4.0 users should upgrade to the latest version:/p

code
  # emerge --sync
  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.0_p39
/code

pAll Bash 4.1 users should upgrade to the latest version:/p

code
  # emerge --sync
  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.1_p12
/code

pAll Bash 4.2 users should upgrade to the latest version:/p

code
  # emerge --sync
  # emerge --ask --oneshot --verbose gt;=app-shells/bash-4.2_p48
/code

  /resolution
  references
uri 
link=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6271;CVE-2014-6271/uri
  /references
  metadata tag=requester timestamp=Wed, 24 Sep 2014 16:00:19 
+a3li/metadata
  metadata tag=submitter timestamp=Wed, 24 Sep 2014 22:06:57 
+a3li/metadata
/glsa