Source: bash Version: 4.3-11 Severity: normal Tags: security upstream Hi Matthias,
the following vulnerability was published for bash. It apparently has been as well already reported to upstream, but have not found a public report on the bug-bash mailinglist. AFAIK Chet has not addedd a patch for this yet. CVE-2016-9401[0]: popd controlled free If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9401 [1] http://www.openwall.com/lists/oss-security/2016/11/17/5 Regards, Salvatore