Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Henrique de Moraes Holschuh
On Sat, 27 Sep 2014, john wrote: > I was wondering if CVE-2014-7186 and CVE-2014-7187 been addressed yet for > Debian. I note that Ubuntu pushed another patch addressing these earlier > today. Yes, both are addressed by DSA-3035-1. AFAIK, these CVE numbers were not yet assigned at the time of the

AW: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Denny Bortfeldt
: Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been > addressed for debian > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 28/09/2014 4:29 AM, Martin Holub wrote: > > Please according to the Security Tracker [1,2] booth are fixed in > > stable and

Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Cyril Brulebois
Conrad Nelson (2014-09-27): > On Sun, 2014-09-28 at 06:33 +1000, Andrew McGlashan wrote: > > On 28/09/2014 4:29 AM, Martin Holub wrote: > > > Please according to the Security Tracker [1,2] booth are fixed in stable > > > and oldstable. > > > > NOT QUITE . fixed in stable [wheezy] > > and "o

Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Joe
On Sun, 28 Sep 2014 06:33:13 +1000 Andrew McGlashan wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 28/09/2014 4:29 AM, Martin Holub wrote: > > Please according to the Security Tracker [1,2] booth are fixed in > > stable and oldstable. > > NOT QUITE . fixed in stable [whee

Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Conrad Nelson
On Sun, 2014-09-28 at 06:33 +1000, Andrew McGlashan wrote: > On 28/09/2014 4:29 AM, Martin Holub wrote: > > Please according to the Security Tracker [1,2] booth are fixed in stable > > and oldstable. > > NOT QUITE . fixed in stable [wheezy] > and "oldstable-LTS" [squeeze-lts] > > >

Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Andrew McGlashan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 28/09/2014 4:29 AM, Martin Holub wrote: > Please according to the Security Tracker [1,2] booth are fixed in stable > and oldstable. NOT QUITE . fixed in stable [wheezy] and "oldstable-LTS" [squeeze-lts] BUT NOT oldstable [squeeze

Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Joe
On Sat, 27 Sep 2014 20:29:12 +0200 Martin Holub wrote: > Hi, > > Please according to the Security Tracker [1,2] booth are fixed in > stable and oldstable. > And unstable, I don't have a testing installation, but I'd have thought that should also be done by now. > > [1] https://security-tracke

Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Martin Holub
Hi, Please according to the Security Tracker [1,2] booth are fixed in stable and oldstable. Cheers. [1] https://security-tracker.debian.org/tracker/CVE-2014-7186 [2] https://security-tracker.debian.org/tracker/CVE-2014-7187 On 27/09/14 20:18, john wrote: > Hello, > > I was wondering if CVE-2014

Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread john
Hello, I was wondering if CVE-2014-7186 and CVE-2014-7187 been addressed yet for Debian. I note that Ubuntu pushed another patch addressing these earlier today. Thanks! John